More than 12 Rockwell Automation product vulnerabilities disclosed

Over a dozen security vulnerabilities impacting Rockwell Automation products have been detailed across six new security advisories, four of which have also been issued by the Cybersecurity and Infrastructure Security Agency, reports SecurityWeek. Organizations have been warned that Kinetix 5500 industrial control routers made from May 2022 to January 2023 and running on firmware version 7.13 are impacted by a critical flaw, tracked as CVE-2023-1834, which could be exploited for device access but has already been patched with an updated firmware version. Threat actors could also leverage two critical vulnerabilities in Rockwell Automations PanelView 800 graphics terminals to trigger a heap buffer overflow should the email feature be activated in the project file. Nearly 10 cross-site scripting bugs have also been found in certain ArmorStart ST distributed motor controllers, which could be exploited with user interaction. However, none of the detailed bugs were included in the CISA's Known Exploited Vulnerabilities Catalog. Such advisories follow reported federal investigations into Rockwell Automation's operations in Dalian, China, concerning employee access to code that may compromise the firm's clients.