Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Breach.

Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with patch released in version 1.40, and remediation measures with upgrade to version 1.40, and containment measures with network segmentation, containment measures with firewall rules to restrict wdb agent access, and remediation measures with firmware update to version 12.001, remediation measures with disabling wdb agent in production, and communication strategy with public security advisory (published 2025-08-14), and network segmentation with recommended for environments where immediate patching is not feasible, and enhanced monitoring with continuous monitoring of network traffic for suspicious activities, and and containment measures with breach was quickly contained, and remediation measures with fixed the exploited vulnerability (technical details not disclosed), remediation measures with mandatory password reset for all users, and communication strategy with public notification, communication strategy with user advisories for password reset and 2fa enablement, communication strategy with clarification that payment data was not at risk..

Common Attack Types: The most common types of attacks the company has faced is Vulnerability.

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Operational Data, Industrial Process Information, System Memory, , Email Addresses, Usernames, Securely Hashed Passwords and .

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Upgrade to Version 1.40, Firmware update to version 12.001, Disabling WDB agent in production, , Fixed the exploited vulnerability (technical details not disclosed), Mandatory password reset for all users, .

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by patch released in version 1.40, network segmentation, firewall rules to restrict wdb agent access, , breach was quickly contained and .

Key Lessons Learned: The key lessons learned from past incidents are Avoid shipping products with debugging interfaces enabled by default in production environments.,Prioritize firmware updates for critical industrial control systems.,Implement network segmentation and access controls for industrial automation networks.,Conduct regular security assessments of industrial infrastructure to identify similar vulnerabilities.

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Immediately update affected ControlLogix Ethernet modules to firmware version 12.001., Apply firewall rules to restrict access to debugging interfaces (e.g., WDB agent)., Implement network segmentation to isolate industrial control systems if patching is delayed., Immediate Upgrading to Version 1.40, Monitor network traffic for suspicious activities targeting industrial devices. and Perform security assessments to identify and mitigate similar vulnerabilities in other systems..

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Rockwell Automation Security AdvisoryDate Accessed: 2025-08-14, and Source: Plex Official NotificationUrl: https://plex.tv/reset.

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Security Advisory (Published 2025-08-14), Public Notification, User Advisories For Password Reset And 2Fa Enablement and Clarification That Payment Data Was Not At Risk.

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Public Security Advisory Issued By Rockwell Automation, Urgent Recommendation To Update Firmware And Implement Mitigations, , Mandatory Password Reset For All Users., Enable 2Fa For Enhanced Security., Log Out Of All Sessions For Sso Users., Plex Will Not Request Sensitive Information Via Email. and .

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Continuous monitoring of network traffic for suspicious activities.

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Patch and Upgrade Recommendations, Firmware Update To Disable Wdb Agent By Default, Network Segmentation And Access Controls For Industrial Systems, Enhanced Monitoring For Unauthorized Access Attempts, , Fixed The Exploited Vulnerability, Enforced Password Resets And 2Fa Recommendations, .

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-08-14.

Most Significant Data Compromised: The most significant data compromised in an incident were Operational data, Sensitive industrial process information, , Email addresses, Usernames, Securely hashed passwords and .

Most Significant System Affected: The most significant system affected in an incident were M, o, d, e, l, :, , 1, 7, 5, 6, -, E, N, 2, T, /, D, ,, F, i, r, m, w, a, r, e, :, , ≤, 1, 1, ., 0, 0, 4, ,, M, o, d, e, l, :, , 1, 7, 5, 6, -, E, N, 2, F, /, C, ,, F, i, r, m, w, a, r, e, :, , ≤, 1, 1, ., 0, 0, 4, ,, M, o, d, e, l, :, , 1, 7, 5, 6, -, E, N, 2, T, R, /, C, ,, F, i, r, m, w, a, r, e, :, , ≤, 1, 1, ., 0, 0, 4, ,, M, o, d, e, l, :, , 1, 7, 5, 6, -, E, N, 3, T, R, /, B, ,, F, i, r, m, w, a, r, e, :, , ≤, 1, 1, ., 0, 0, 4, ,, M, o, d, e, l, :, , 1, 7, 5, 6, -, E, N, 2, T, P, /, A, ,, F, i, r, m, w, a, r, e, :, , ≤, 1, 1, ., 0, 0, 4, ,, and One of Plex's databases.

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Patch Released in Version 1.40, Network segmentationFirewall rules to restrict WDB agent access and Breach was quickly contained.

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Email addresses, Securely hashed passwords, Operational data, Sensitive industrial process information and Usernames.

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Conduct regular security assessments of industrial infrastructure to identify similar vulnerabilities.

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Immediately update affected ControlLogix Ethernet modules to firmware version 12.001., Apply firewall rules to restrict access to debugging interfaces (e.g., WDB agent)., Implement network segmentation to isolate industrial control systems if patching is delayed., Users should reset passwords via plex.tv/reset and select 'Sign out connected devices after password change'., Single Sign-On (SSO) users should log out of all sessions via plex.tv/security and reauthenticate., Immediate Upgrading to Version 1.40, Monitor network traffic for suspicious activities targeting industrial devices., Enable two-factor authentication (2FA) for added security., Perform security assessments to identify and mitigate similar vulnerabilities in other systems. and Remain vigilant against phishing attempts (Plex will never request passwords or payment details via email)..

Most Recent Source: The most recent source of information about an incident are Plex Official Notification and Rockwell Automation Security Advisory.

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://plex.tv/reset .

Current Status of Most Recent Investigation: The current status of the most recent investigation is Disclosed; mitigation available (firmware update).

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Public security advisory issued by Rockwell Automation, .

Most Recent Customer Advisory: The most recent customer advisory issued were an Urgent recommendation to update firmware and implement mitigations and Mandatory password reset for all users.Enable 2FA for enhanced security.Log out of all sessions for SSO users.Plex will not request sensitive information via email.

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Inadequate Input Sanitization, Insecure default configuration (WDB agent enabled in production)Lack of authentication for debugging interfaceNetwork-exposed critical industrial control components.

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Patch and Upgrade Recommendations, Firmware update to disable WDB agent by defaultNetwork segmentation and access controls for industrial systemsEnhanced monitoring for unauthorized access attempts, Fixed the exploited vulnerabilityEnforced password resets and 2FA recommendations.