ICSA-24-352-03 · Published 2024-12-17
Rockwell Automation PowerMonitor 1000 Remote
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to perform edit operations, create admin users, perform factory reset, execute arbitrary code, or cause a denial-of-service condition.
CVEs (3)
Remediations
- Rockwell Automation has corrected these problems in firmware revision 4.020 and recommends users upgrade to the latest version available.
- Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions to apply security best practices where possible.
- For more information, see Rockwell Automation's security advisory.
Affected Vendors
Rockwell Automation
Affected Products (14)
- Rockwell Automation · PM1k 1408-BC3A-485 · <4.020
- Rockwell Automation · PM1k 1408-BC3A-ENT · <4.020
- Rockwell Automation · PM1k 1408-TS3A-485 · <4.020
- Rockwell Automation · PM1k 1408-TS3A-ENT · <4.020
- Rockwell Automation · PM1k 1408-EM3A-485 · <4.020
- Rockwell Automation · PM1k 1408-EM3A-ENT · <4.020
- Rockwell Automation · PM1k 1408-TR1A-485 · <4.020
- Rockwell Automation · PM1k 1408-TR2A-485 · <4.020
- Rockwell Automation · PM1k 1408-EM1A-485 · <4.020
- Rockwell Automation · PM1k 1408-EM2A-485 · <4.020
- Rockwell Automation · PM1k 1408-TR1A-ENT · <4.020
- Rockwell Automation · PM1k 1408-TR2A-ENT · <4.020
- Rockwell Automation · PM1k 1408-EM1A-ENT · <4.020
- Rockwell Automation · PM1k 1408-EM2A-ENT · <4.020
Affected Sectors
Critical Manufacturing