Rockwell Automation Warns Admin to Disconnect Devices From Internet

Rockwell Automation has sent an urgent message to all of its customers because of rising geopolitical issues and hostile cyber activity worldwide.

The company is asking customers to immediately check whether any of their devices are connected to the public internet and to disconnect those that aren’t meant to be.


This proactive step is meant to reduce the attack surface and lower the risk of unauthorized, harmful cyber activity from outside threat actors.

Rockwell Automation stresses that devices, such as cloud and edge offerings, that are not made to connect to the public internet should never be set up to connect directly to it.

By cutting off this connection, users can make themselves much less vulnerable to online threats.


Guidance and Resources for Enhanced Cybersecurity

Rockwell Automation and the Cybersecurity and Infrastructure Security Agency (CISA) have provided several resources to assist customers in identifying and disconnecting exposed assets. These include:

  • Rockwell Automation | Advisory on web search tools that identify ICS devices and systems connected to the Internet [login required]
  • CISA | NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
  • CISA | How-to Guide: Stuff Off Shodan

These documents offer detailed information on identifying assets exposed to the public internet and the steps necessary to disconnect them.

In cases where disconnection is not feasible, Rockwell Automation strongly advises customers to follow the security best practices outlined in their document; adhering to these guidelines can help bolster defenses against potential cyber threats.

As the global cyber threat landscape continues to evolve, Rockwell Automation’s advisory serves as a critical reminder of the importance of robust cybersecurity measures.

Customers can play a crucial role in safeguarding their operations against malicious cyber activities by taking immediate action to secure their devices.

Customers should be aware of the following linked CVEs and ensure that mitigations are in place, if possible.

| CVE No. | Alert Code (ICSA) | Advisory Name and Link |
|---|---|---|
| 2021-22681 | 21-056-03 | CISA \| Rockwell Automation Logix Controllers (Update A) |
| 2022-1159 | 22-090-07 | CISA \| Rockwell Automation Studio 5000 Logix Designer |
| 2023-3595 | 23-193-01 | CISA \| Rockwell Automation Select Communication Modules |
| 2023-46290 | 23-299-06 | CISA \| Rockwell Automation FactoryTalk Services Platform |
| 2024-21914 | 24-086-04 | CISA \| Rockwell Automation FactoryTalk View ME |
| 2024-21915 | 24-046-16 | CISA \| Rockwell Automation FactoryTalk Service Platform |
| 2024-21917 | 24-030-06 | CISA \| Rockwell Automation FactoryTalk Service Platform |


Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.