ICSA-23-026-06 · Published 2023-01-26 · Source: CISA ICS-CERT
Rockwell Automation products using GoAhead Web Server
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could have a high impact on the confidentiality, integrity, and availability of the vulnerable devices.
CVEs (2)
Remediations
- 1769-AENTR: Update to 1.003 or later
- 5069-AEN2TR (discontinued): Migrate to the 5069-AENTR.
- 1756-EN2T/D: Update to 11.002 or later
- 1756-EN2TR/C: Update to 11.002 or later
- 1756-EN2F/C: Update to 11.002 or later
- 1756-EN2TP/A: Update to 11.002 or later
- 1756-HIST1G/A (discontinued): Update to series B v5.104 or C 7.100 or later
- 1756-HIST2G/A (discontinued): Update to series B v5.104 or C 7.100 or later
- 1756-HIST2G/B: Update to 5.104 or later
- ControlLogix 5580 controllers: Update to V32.016 or later
- GuardLogix 5580 controllers: Update to V32.016 or later
- CompactLogix 5380 controllers: Update to V32.016 or later
- Compact GuardLogix 5380 controllers: Update to V32.016 or later
- CompactLogix 5480: Update to V32.016 or later
- Disable the web server if possible. Review the corresponding product user manual for instructions, which can be found in the Rockwell Automation literature library.
- For 1732E, upgrade to the latest firmware to disable the web server.
- Configure firewalls to disallow network communication through HTTP/Port 80.
- See the Rockwell Automation Knowledgebase article, Security Best Practices, for more recommendations on maintaining the security posture of an environment.
- Users should see the Rockwell Automation security advisory for more information.
Affected Vendors
Rockwell Automation
Affected Products (28)
All entries below are Rockwell Automation products; the value after the colon is the affected firmware version or version range.
- 1732E-8CFGM8R/A: 1.012
- 1732E-IF4M12R/A (discontinued): 1.012
- 1732E-IR4IM12R/A: 1.012
- 1732E-IT4IM12R/A: 1.012
- 1732E-OF4M12R/A: 1.012
- 1732E-OB8M8SR/A: 1.013
- 1732E-IB8M8SOER: 1.012
- 1732E-8IOLM12R: 2.011
- 1747-AENTR: 2.002
- 1769-AENTR: 1.001
- 5069-AEN2TR: 3.011
- 1756-EN2TR/C: <= 11.001
- 1756-EN2T/D: <= 11.001
- 1756-EN2TSC/B (discontinued): 10.01
- 1756-EN2TSC/B: 10.01
- 1756-HIST1G/A (discontinued): <= 3.054
- 1756-HIST2G/A (discontinued): <= 3.054
- 1756-HIST2G/B: <= 5.103
- ControlLogix 5580 controllers: 28 - 32
- GuardLogix 5580 controllers: 31 - 32
- CompactLogix 5380 controllers: 28 - 32
- Compact GuardLogix 5380 controllers: 31 - 32
- CompactLogix 5480 controllers: 32
- 1756-EN2T/D: 11.001
- 1756-EN2TR/C: 11.001
- 1765-EN3TR/B: 11.001
- 1756-EN2F/C: 11.001
- 1756-EN2TP/A: 11.001
Affected Sectors
Multiple Sectors