AutomationDirect Productivity PLCs

Risk Summary

Successful exploitation of these vulnerabilities could lead to remote code execution and denial of service.

CVEs (15)

Remediations

• AutomationDirect recommends that users:
• Update the Productivity Suite programming software to version 4.2.0.x or higher.
• Update Productivity PLC's firmware to the latest version.
• Although Automation Networks and Systems come equipped with built-in password protection mechanisms, this represents a fraction of the security measures needed to safeguard these systems. It is imperative that Automation Control System Networks integrate data protection and security measures that match, if not exceed, the robustness of conventional business computer systems. AutomationDirect advises users of PLCs, HMI products, and SCADA systems to conduct a thorough network security analysis to ascertain the appropriate level of security necessary for their specific application.
• AutomationDirect has identified the following mitigation for instances where systems cannot be upgraded to latest version:
• Physically disconnect the PLC from any external networks, including the internet, local area networks (LANs), and other interconnected systems.
• Configure network segmentation to isolate PLC from other devices and systems withing the organization.
• Implement firewall rules or network access control (NAC) policies to block incoming and outgoing traffic to the PLC.
• Please refer to the following link for supporting information related to security considerations. https://support.automationdirect.com/docs/securityconsiderations.pdf
• If you have any questions regarding this issue, please contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for further assistance.

Affected Vendors

Affected Products (12)

Affected Sectors

Commercial Facilities, Critical Manufacturing, Information Technology