ICSA-19-050-04 · Published 2019-09-05
Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A)
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow a remote attacker to affect the confidentiality, integrity, and availability of the device.
CVEs (2)
Remediations
- Rockwell Automation has released FRN 4.019, which addresses the reported vulnerabilities.
- Rockwell Automation reports CheckPoint Software Technologies has released IPS rules to detect attempts to exploit CVE-2018-19615.
- If a user cannot apply the FRN 4.019 patch, Rockwell Automation notes that users can temporarily mitigate these vulnerabilities by disabling the FTP port using the LCD configuration menu or in the configuration options. Users can also disable access to the webpage using the LCD screen configuration menu or in the configuration options.
- For more information, Rockwell Automation has released a security notification (login required).
Affected Vendors
Rockwell Automation
Affected Products (1)
Rockwell Automation · PowerMonitor 1000 · vers:all/*
Affected Sectors
Energy