ICSA-16-173-03 · Published 2025-06-09
Rockwell Automation FactoryTalk EnergyMetrix Vulnerabilities
CVSS 7.3 (HIGH)
CVEs (2)
Remediations
- Rockwell Automation has released Version 2.20.00 and Version 2.30.00, which both address the identified vulnerabilities. Rockwell Automation recommends that FactoryTalk EnergyMetrix users install Version 2.30.00 or the latest version. Rockwell Automation’s new versions, Version 2.20.00 and Version 2.30.00, are available at the following URL, with a valid account: (http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=1&crumb=112)
- In addition to applying the latest software version, Rockwell Automation recommends applying the following additional mitigations, when possible:
  - Ensure that the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with the minimum amount of rights that are needed.
  - Configure and enable HTTPS on your FactoryTalk EnergyMetrix server, which will help protect the confidentiality and integrity of information exchanged between the web browser and server.
  - Use trusted software, software patches, antivirus/antimalware programs and interact only with trusted web sites and attachments.
  - Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.
- Rockwell Automation’s security notification is available at the following URL with a valid account: (https://rockwellautomation.custhelp.com/app/answers/detail/a_id/866393)
Affected Vendors
Rockwell Automation
Affected Products (1)
Rockwell Automation · FactoryTalk EnergyMetrix <=2.10.00