
At Rockwell Automation, we connect the imaginations of people with the potential of technology to expand what is humanly possible, making the world more intelligent, more connected and more productive. Throughout the world, our flagship Allen-Bradley® and Rockwell Software® product brands are recognized for innovation and excellence.

Rockwell Automation A.I CyberSecurity Scoring

Rockwell Automation

Company Details

LinkedIn ID: rockwell-automation
Employees number: 21,282
Number of followers: 1,109,078
NAICS: 33325
Industry Type: Automation Machinery Manufacturing
Homepage: rockwellautomation.com
IP Addresses: 243
Company ID: ROC_7277939
Scan Status: Completed

Rockwell Automation Risk Score (AI oriented)

Between 750 and 799

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
Rockwell Automation Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Rockwell Automation Company CyberSecurity News & History

Past Incidents: 4
Attack Types: 2

Plex
Breach
Severity: 85
Impact: 4
Seen: 6/2022
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Plex confirmed a security breach where an unauthorized party accessed one of its databases, exposing a subset of customer data. The compromised information included **email addresses, usernames, and securely hashed passwords**, though Plex emphasized that passwords were hashed per industry standards (algorithm undisclosed). While payment card data was not at risk—since Plex does not store such details—the incident marks the company’s **second major breach in recent years**, following a similar 2022 attack. Plex contained the breach swiftly and mandated password resets for all users, advising additional precautions like enabling **two-factor authentication (2FA)** and logging out of active sessions. The company fixed the exploited vulnerability but did not disclose technical specifics or remediation steps. The exposure of **customer credentials** raises risks of credential-stuffing attacks or phishing attempts, despite the hashing protection.

Rockwell Automation
Vulnerability
Severity: 100
Impact: 7
Seen: 6/2025
Rankiteo Explanation
Attack that could injure or kill people

Description: A critical security vulnerability (CVE-2025-7353, CVSS 9.8) was discovered in Rockwell Automation’s **ControlLogix Ethernet communication modules**, exposing industrial control systems (ICS) to remote code execution (RCE) attacks. The flaw stems from an **insecure default configuration** in the web-based debugger (WDB) agent, left enabled in production environments. Unauthenticated attackers exploiting this vulnerability can **dump memory, modify system operations, and manipulate industrial processes**, posing severe risks to manufacturing, energy, or critical infrastructure. The affected modules (e.g., **1756-EN2T/D, 1756-EN3TR/B**) serve as core interfaces between programmable automation controllers (PACs) and Ethernet networks. Successful exploitation could lead to **operational disruptions, unauthorized access to sensitive data, or physical damage**—such as halting factory production, tampering with safety systems, or causing cascading failures in industrial environments. While Rockwell released a patch (firmware **12.001**), delayed updates increase exposure, particularly in sectors like **energy, water treatment, or nuclear plants**, where such attacks could escalate to **life-threatening scenarios or regional economic threats** if critical services are compromised.

Rockwell Automation
Vulnerability
Severity: 100
Impact: 5
Seen: 4/2025
Rankiteo Explanation
Attack threatening the organization’s existence

Description: Rockwell Automation's Industrial Data Center products are vulnerable due to a deserialization issue that could allow remote code execution. This vulnerability is particularly concerning as Industrial Data Centers are integral to processing and managing large volumes of industrial data.

Rockwell Automation
Vulnerability
Severity: 100
Impact: 5
Seen: 4/2025
Rankiteo Explanation
Attack threatening the organization’s existence

Description: Rockwell Automation encountered a high-severity security vulnerability (CVE-2025-1449) in its Verve Asset Manager, affecting all versions up to 1.39. The flaw, due to inadequate input sanitization, could let attackers with administrative privileges execute arbitrary commands. With a CVSS base score of 9.1, the vulnerability poses a critical risk, potentially enabling the disruption of industrial processes, unauthorized access to sensitive data, or long-term presence within the network. Rockwell has released a patch in version 1.40 and recommends immediate upgrading to mitigate the issue.


Underwriter Stats for Rockwell Automation

Incidents vs Automation Machinery Manufacturing Industry Average (This Year)

Rockwell Automation has 322.54% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Rockwell Automation has 368.75% more incidents than the average of all companies with at least one recorded incident.

Incident Types Rockwell Automation vs Automation Machinery Manufacturing Industry Avg (This Year)

Rockwell Automation reported 3 incidents this year: 0 cyber attacks, 0 ransomware, 3 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Rockwell Automation (X = Date, Y = Severity)

Rockwell Automation cyber incidents detection timeline including parent company and subsidiaries


Rockwell Automation Similar Companies

Schneider Electric

Schneider Electric is a global energy technology leader, driving efficiency and sustainability by electrifying, automating, and digitalizing industries, businesses, and homes. Its technologies enable buildings, data centers, factories, infrastructure, and grids to operate as open, interconnected e

ABB is a technology leader in electrification and automation, enabling a more sustainable and resource-efficient future. The company’s solutions connect engineering know-how and software to optimize how things are manufactured, moved, powered and operated. Building on over 140 years of excellence, A

Emerson

Emerson is a leading global technology, software, and engineering company providing innovative solutions for customers in industrial and commercial markets. We help customers in the world’s most essential industries solve the biggest challenges of modern life. Every day, our global workforce fulfil

Siemens

Siemens AG (Berlin and Munich) is a leading technology company focused on industry, infrastructure, mobility, and healthcare. The company’s purpose is to create technology to transform the everyday, for everyone. By combining the real and the digital worlds, Siemens empowers customers to accelerate

KUKA SE & Co. KGaA is a global leader in intelligent automation solutions, generating around 3.7 billion euro in sales and employing approximately 15,000 people worldwide. Headquartered in Augsburg, Germany, KUKA’s mission is to make automation accessible for everyone - simple, intuitive and sustain

PT Astra International Tbk

Astra was established in 1957 as a trading company. Over the course of its development, Astra has formed a number of strategic alliances with leading global players. Since 1990, the Company has been listed on the Indonesia Stock Exchange. Astra currently engages in seven business lines: Autom


Rockwell Automation CyberSecurity News

November 17, 2025 04:32 PM
OT cybersecurity resources from Rockwell Automation, NIST and more

Control's monthly resources guide on OT cybersecurity resources for process engineering.

November 15, 2025 03:19 AM
Rockwell hails new cybersecurity suite as ‘a strategic shift’

Rockwell Automation has launched an industrial cybersecurity suite designed to protect critical operations and build secure environments for...

November 13, 2025 12:00 PM
Rockwell Automation Launches SecureOT Suite for Industrial Cybersecurity Resilience

Rockwell Automation introduced SecureOT, a cybersecurity solution suite designed to help industrial organizations protect operations,...

November 13, 2025 11:23 AM
Rockwell Automation Introduces SecureOT to Strengthen Industrial Cybersecurity

Rockwell Automation launches SecureOT suite to strengthen industrial cybersecurity, protect OT systems, and ensure uptime.

November 13, 2025 09:36 AM
Rockwell launches SecureOT suite

Rockwell Automation has introduced the SecureOT solution suite, developed for industrial operators and critical infrastructure facing...

November 13, 2025 07:00 AM
Rockwell Automation Launches SecureOT Cybersecurity Suite for Industrial Operations

Industrial automation giant unveils comprehensive security platform to protect manufacturing and critical infrastructure from rising cyber threats.

November 13, 2025 12:48 AM
Rockwell Automation launches SecureOT to boost industrial cybersecurity

Rockwell Automation has introduced a new cybersecurity suite tailored for industrial operations, seeking to address growing threats to...

November 12, 2025 08:46 PM
Rockwell Automation Introduces SecureOT Solution Suite to Strengthen Industrial Cybersecurity Resilience

SecureOT was developed to help organizations secure their OT infrastructure with technology and expertise built for the realities of modern...

November 12, 2025 03:05 PM
Rockwell Automation, Inc. Introduces SecureOT Solution Suite to Strengthen Industrial Cybersecurity Resilience

Rockwell Automation, Inc. announced the launch of SecureOT solution suite, a comprehensive industrial cybersecurity offering designed to...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Rockwell Automation CyberSecurity History Information

Official Website of Rockwell Automation

The official website of Rockwell Automation is http://www.rockwellautomation.com/.

Rockwell Automation’s AI-Generated Cybersecurity Score

According to Rankiteo, Rockwell Automation’s AI-generated cybersecurity score is 793, reflecting their Fair security posture.

How many security badges does Rockwell Automation have ?

According to Rankiteo, Rockwell Automation currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Rockwell Automation have SOC 2 Type 1 certification ?

According to Rankiteo, Rockwell Automation is not certified under SOC 2 Type 1.

Does Rockwell Automation have SOC 2 Type 2 certification ?

According to Rankiteo, Rockwell Automation does not hold a SOC 2 Type 2 certification.

Does Rockwell Automation comply with GDPR ?

According to Rankiteo, Rockwell Automation is not listed as GDPR compliant.

Does Rockwell Automation have PCI DSS certification ?

According to Rankiteo, Rockwell Automation does not currently maintain PCI DSS compliance.

Does Rockwell Automation comply with HIPAA ?

According to Rankiteo, Rockwell Automation is not compliant with HIPAA regulations.

Does Rockwell Automation have ISO 27001 certification ?

According to Rankiteo, Rockwell Automation is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Rockwell Automation

Rockwell Automation operates primarily in the Automation Machinery Manufacturing industry.

Number of Employees at Rockwell Automation

Rockwell Automation employs approximately 21,282 people worldwide.

Subsidiaries Owned by Rockwell Automation

Rockwell Automation presently has no subsidiaries across any sectors.

Rockwell Automation’s LinkedIn Followers

Rockwell Automation’s official LinkedIn profile has approximately 1,109,078 followers.

NAICS Classification of Rockwell Automation

Rockwell Automation is classified under the NAICS code 33325, which corresponds to Others.

Rockwell Automation’s Presence on Crunchbase

Yes, Rockwell Automation has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/rockwell-automation.

Rockwell Automation’s Presence on LinkedIn

Yes, Rockwell Automation maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/rockwell-automation.

Cybersecurity Incidents Involving Rockwell Automation

As of November 28, 2025, Rankiteo reports that Rockwell Automation has experienced 4 cybersecurity incidents.

Number of Peer and Competitor Companies

Rockwell Automation has an estimated 3,161 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Rockwell Automation ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Breach.

How does Rockwell Automation detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through the following measures:
  • Containment measures: patch released in version 1.40; network segmentation; firewall rules to restrict WDB agent access; breach was quickly contained.
  • Remediation measures: upgrade to version 1.40; firmware update to version 12.001; disabling the WDB agent in production; fixed the exploited vulnerability (technical details not disclosed); mandatory password reset for all users.
  • Communication strategy: public security advisory (published 2025-08-14); public notification; user advisories for password reset and 2FA enablement; clarification that payment data was not at risk.
  • Network segmentation: recommended for environments where immediate patching is not feasible.
  • Enhanced monitoring: continuous monitoring of network traffic for suspicious activities.

Incident Details

Can you provide details on each incident ?

Incident : Vulnerability Exploit

Title: Rockwell Automation Verve Asset Manager Vulnerability (CVE-2025-1449)

Description: Rockwell Automation encountered a high-severity security vulnerability (CVE-2025-1449) in its Verve Asset Manager, affecting all versions up to 1.39. The flaw, due to inadequate input sanitization, could let attackers with administrative privileges execute arbitrary commands. With a CVSS base score of 9.1, the vulnerability poses a critical risk, potentially enabling the disruption of industrial processes, unauthorized access to sensitive data, or long-term presence within the network.

Type: Vulnerability Exploit

Attack Vector: Inadequate Input Sanitization

Vulnerability Exploited: CVE-2025-1449

Motivation: Disruption of Industrial Processes, Unauthorized Access to Sensitive Data, Long-term Presence Within the Network

Incident : Vulnerability

Title: Deserialization Vulnerability in Rockwell Automation's Industrial Data Center Products

Description: Rockwell Automation's Industrial Data Center products are vulnerable due to a deserialization issue that could allow remote code execution. This vulnerability is particularly concerning as Industrial Data Centers are integral to processing and managing large volumes of industrial data.

Type: Vulnerability

Attack Vector: Deserialization of Untrusted Data

Vulnerability Exploited: Deserialization Issue

Incident : Vulnerability

Title: Critical Remote Code Execution Vulnerability in Rockwell Automation ControlLogix Ethernet Modules (CVE-2025-7353)

Description: A critical security vulnerability (CVE-2025-7353, CVSS 9.8) was discovered in Rockwell Automation’s ControlLogix Ethernet communication modules, allowing unauthenticated remote attackers to execute arbitrary code, dump memory, and control industrial systems. The flaw stems from an insecure default configuration in the web-based debugger (WDB) agent, which remains enabled in production environments. Affected models include 1756-EN2T/D, 1756-EN2F/C, 1756-EN2TR/C, 1756-EN3TR/B, and 1756-EN2TP/A running firmware ≤11.004. Exploitation requires network access and a connection to the WDB agent via specific IP addresses, with no authentication or user interaction needed. Successful attacks could manipulate industrial processes, access sensitive data, or disrupt operations.

Date Publicly Disclosed: 2025-08-14

Type: Vulnerability

Attack Vector: Network-based, Unauthenticated access to WDB agent, Exploitation of debugging interface

Vulnerability Exploited: CVE ID: CVE-2025-7353, CWE ID: CWE-1188, CVSS Score: 9.8, CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, Description: Insecure default configuration in the web-based debugger (WDB) agent, enabled on production devices.

Incident : Data Breach

Title: Plex Database Breach Exposes Customer Data

Description: Plex confirmed a security incident where an unauthorized party accessed one of its databases, exposing a subset of customer data including email addresses, usernames, and securely hashed passwords. The breach was quickly contained, and Plex advised all users to reset their passwords. This marks the second major security issue for Plex in recent years, following a similar 2022 breach.

Type: Data Breach

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

Impact of the Incidents

What was the impact of each incident ?

Incident : Vulnerability Exploit ROC602040125

Systems Affected: Verve Asset Manager

Operational Impact: Potential Disruption of Industrial Processes

Incident : Vulnerability ROC203041325

Systems Affected: Industrial Data Centers

Incident : Vulnerability ROC405081825

Data Compromised: Operational data, Sensitive industrial process information

Systems Affected: Models 1756-EN2T/D, 1756-EN2F/C, 1756-EN2TR/C, 1756-EN3TR/B, and 1756-EN2TP/A, each with firmware ≤11.004.

Operational Impact: Potential manipulation of industrial processes, Disruption of manufacturing operations, Unauthorized access to control systems

Incident : Data Breach PLE3792537090925

Data Compromised: Email addresses, Usernames, Securely hashed passwords

Systems Affected: One of Plex's databases

Brand Reputation Impact: Potential reputational damage due to second breach in recent years

Identity Theft Risk: Low (passwords were hashed, but algorithm not disclosed; brute-force risk remains)

Payment Information Risk: None (Plex does not store payment card information)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Operational Data, Industrial Process Information, System Memory, Email Addresses, Usernames and Securely Hashed Passwords.

Which entities were affected by each incident ?

Incident : Vulnerability Exploit ROC602040125

Entity Name: Rockwell Automation

Entity Type: Company

Industry: Industrial Automation

Incident : Vulnerability ROC203041325

Entity Name: Rockwell Automation

Entity Type: Company

Industry: Industrial Automation

Incident : Vulnerability ROC405081825

Entity Name: Rockwell Automation

Entity Type: Corporation

Industry: Industrial Automation, Manufacturing, Critical Infrastructure

Location: Milwaukee, Wisconsin, USA

Incident : Data Breach PLE3792537090925

Entity Name: Plex

Entity Type: Company

Industry: Media/Streaming Services

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Vulnerability Exploit ROC602040125

Containment Measures: Patch Released in Version 1.40

Remediation Measures: Upgrade to Version 1.40

Incident : Vulnerability ROC405081825

Containment Measures: Network segmentation, Firewall rules to restrict WDB agent access

Remediation Measures: Firmware update to version 12.001, Disabling WDB agent in production

Communication Strategy: Public security advisory (published 2025-08-14)

Network Segmentation: Recommended for environments where immediate patching is not feasible

Enhanced Monitoring: Continuous monitoring of network traffic for suspicious activities

Incident : Data Breach PLE3792537090925

Incident Response Plan Activated: True

Containment Measures: Breach was quickly contained

Remediation Measures: Fixed the exploited vulnerability (technical details not disclosed), Mandatory password reset for all users

Communication Strategy: Public notification, User advisories for password reset and 2FA enablement, Clarification that payment data was not at risk

Data Breach Information

What type of data was compromised in each breach ?

Incident : Vulnerability ROC405081825

Type of Data Compromised: Operational data, Industrial process information, System memory

Sensitivity of Data: High (industrial control system data)

Data Exfiltration: Possible (memory dumps, system control)

Incident : Data Breach PLE3792537090925

Type of Data Compromised: Email addresses, Usernames, Securely hashed passwords

Sensitivity of Data: Moderate (no payment data; passwords hashed but algorithm undisclosed)

Data Encryption: Partially (passwords were hashed; other data likely unencrypted)

Personally Identifiable Information: Email addresses, Usernames

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Upgrade to Version 1.40, Firmware update to version 12.001, Disabling WDB agent in production, Fixed the exploited vulnerability (technical details not disclosed) and Mandatory password reset for all users.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through patch released in version 1.40, network segmentation, firewall rules to restrict WDB agent access, and breach was quickly contained.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Vulnerability ROC405081825

Lessons Learned:
  • Avoid shipping products with debugging interfaces enabled by default in production environments.
  • Prioritize firmware updates for critical industrial control systems.
  • Implement network segmentation and access controls for industrial automation networks.
  • Conduct regular security assessments of industrial infrastructure to identify similar vulnerabilities.

What recommendations were made to prevent future incidents ?

Incident : Vulnerability Exploit ROC602040125

Recommendations: Immediate Upgrading to Version 1.40

Incident : Vulnerability ROC405081825

Recommendations:
  • Immediately update affected ControlLogix Ethernet modules to firmware version 12.001.
  • Implement network segmentation to isolate industrial control systems if patching is delayed.
  • Apply firewall rules to restrict access to debugging interfaces (e.g., WDB agent).
  • Monitor network traffic for suspicious activities targeting industrial devices.
  • Perform security assessments to identify and mitigate similar vulnerabilities in other systems.

Incident : Data Breach PLE3792537090925

Recommendations:
  • Users should reset passwords via plex.tv/reset and select 'Sign out connected devices after password change'.
  • Single Sign-On (SSO) users should log out of all sessions via plex.tv/security and reauthenticate.
  • Enable two-factor authentication (2FA) for added security.
  • Remain vigilant against phishing attempts (Plex will never request passwords or payment details via email).

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are:
  • Avoid shipping products with debugging interfaces enabled by default in production environments.
  • Prioritize firmware updates for critical industrial control systems.
  • Implement network segmentation and access controls for industrial automation networks.
  • Conduct regular security assessments of industrial infrastructure to identify similar vulnerabilities.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: immediately update affected ControlLogix Ethernet modules to firmware version 12.001; apply firewall rules to restrict access to debugging interfaces (e.g., WDB agent); implement network segmentation to isolate industrial control systems if patching is delayed; immediately upgrade to Version 1.40; monitor network traffic for suspicious activities targeting industrial devices; and perform security assessments to identify and mitigate similar vulnerabilities in other systems.

References

Where can I find more information about each incident ?

Incident : Vulnerability ROC405081825

Source: Rockwell Automation Security Advisory

Date Accessed: 2025-08-14

Incident : Data Breach PLE3792537090925

Source: Plex Official Notification

URL: https://plex.tv/reset

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the Rockwell Automation Security Advisory (date accessed: 2025-08-14) and the Plex Official Notification (URL: https://plex.tv/reset).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Vulnerability ROC405081825

Investigation Status: Disclosed; mitigation available (firmware update)

Incident : Data Breach PLE3792537090925

Investigation Status: Ongoing (vulnerability fixed; technical details not disclosed)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through a public security advisory (published 2025-08-14), public notification, user advisories for password reset and 2FA enablement, and clarification that payment data was not at risk.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Vulnerability ROC405081825

Stakeholder Advisories: Public Security Advisory Issued By Rockwell Automation.

Customer Advisories: Urgent recommendation to update firmware and implement mitigations

Incident : Data Breach PLE3792537090925

Customer Advisories: Mandatory password reset for all users. Enable 2FA for enhanced security. Log out of all sessions for SSO users. Plex will not request sensitive information via email.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: a public security advisory issued by Rockwell Automation; an urgent recommendation to update firmware and implement mitigations; mandatory password reset for all users; enable 2FA for enhanced security; log out of all sessions for SSO users; and Plex will not request sensitive information via email.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Vulnerability Exploit ROC602040125

Root Causes: Inadequate Input Sanitization

Corrective Actions: Patch and Upgrade Recommendations

Incident : Vulnerability ROC405081825

Root Causes: Insecure Default Configuration (WDB Agent Enabled In Production), Lack Of Authentication For Debugging Interface, Network-Exposed Critical Industrial Control Components

Corrective Actions: Firmware Update To Disable WDB Agent By Default, Network Segmentation And Access Controls For Industrial Systems, Enhanced Monitoring For Unauthorized Access Attempts

Incident : Data Breach PLE3792537090925

Corrective Actions: Fixed The Exploited Vulnerability, Enforced Password Resets And 2FA Recommendations

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Continuous monitoring of network traffic for suspicious activities.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: patch and upgrade recommendations; firmware update to disable WDB agent by default; network segmentation and access controls for industrial systems; enhanced monitoring for unauthorized access attempts; fixed the exploited vulnerability; and enforced password resets and 2FA recommendations.

Additional Questions

Incident Details

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-08-14.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were operational data, sensitive industrial process information, email addresses, usernames and securely hashed passwords.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Model: 1756-EN2T/D, Firmware: ≤11.004; Model: 1756-EN2F/C, Firmware: ≤11.004; Model: 1756-EN2TR/C, Firmware: ≤11.004; Model: 1756-EN3TR/B, Firmware: ≤11.004; Model: 1756-EN2TP/A, Firmware: ≤11.004; and one of Plex's databases.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Patch Released in Version 1.40, Network segmentation, Firewall rules to restrict WDB agent access and Breach was quickly contained.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Email addresses, Securely hashed passwords, Operational data, Sensitive industrial process information and Usernames.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Conduct regular security assessments of industrial infrastructure to identify similar vulnerabilities.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: immediately update affected ControlLogix Ethernet modules to firmware version 12.001; apply firewall rules to restrict access to debugging interfaces (e.g., WDB agent); implement network segmentation to isolate industrial control systems if patching is delayed; users should reset passwords via plex.tv/reset and select 'Sign out connected devices after password change'; Single Sign-On (SSO) users should log out of all sessions via plex.tv/security and reauthenticate; immediately upgrade to Version 1.40; monitor network traffic for suspicious activities targeting industrial devices; enable two-factor authentication (2FA) for added security; perform security assessments to identify and mitigate similar vulnerabilities in other systems; and remain vigilant against phishing attempts (Plex will never request passwords or payment details via email).

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Plex Official Notification and Rockwell Automation Security Advisory.

What is the most recent URL for additional resources on cybersecurity best practices ?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://plex.tv/reset.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Disclosed; mitigation available (firmware update).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Public security advisory issued by Rockwell Automation.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were an urgent recommendation to update firmware and implement mitigations, and: Mandatory password reset for all users. Enable 2FA for enhanced security. Log out of all sessions for SSO users. Plex will not request sensitive information via email.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were Inadequate Input Sanitization, Insecure default configuration (WDB agent enabled in production), Lack of authentication for debugging interface, and Network-exposed critical industrial control components.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were Patch and Upgrade Recommendations, Firmware update to disable WDB agent by default, Network segmentation and access controls for industrial systems, Enhanced monitoring for unauthorized access attempts, Fixed the exploited vulnerability, and Enforced password resets and 2FA recommendations.


Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=rockwell-automation' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.