Rockwell Automation Patches Critical Flaws in Logix, FactoryTalk, and RSLinx Products
Rockwell Automation released patches for multiple vulnerabilities across its Logix controllers, FactoryTalk suite, RSLinx software, and Flex I/O adapters, including critical authentication bypass and DoS flaws.

Rockwell Automation on Tuesday announced patches for a broad set of vulnerabilities affecting its industrial control system (ICS) products, including Logix and CompactLogix controllers, Flex I/O dual-port EtherNet/IP adapters, RSLinx communication software, and the FactoryTalk automation suite. The advisories, also distributed by CISA, cover flaws ranging from critical authentication bypasses to denial-of-service (DoS) bugs that could disrupt critical infrastructure environments.
In FactoryTalk Historian Site Edition, Rockwell patched three high- and critical-severity vulnerabilities that could allow attackers to bypass authentication and launch DoS attacks. The company also addressed a high-severity improper API authorization issue in FactoryTalk Analytics PavilionX, which could let an unauthorized actor execute privileged operations such as user and role management. CISA separately disclosed this flaw as CVE-2025-14272 in a prior advisory.
Several CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix controllers received fixes for a high-severity DoS vulnerability that can cause a major, non-recoverable fault requiring a special recovery program. Some CompactLogix controllers are also affected by two additional DoS issues. These flaws could be exploited remotely without authentication, posing a significant risk to industrial processes.
Flex I/O dual-port EtherNet/IP adapters are affected by a DoS flaw and a critical vulnerability that allows an unauthenticated attacker to change a device's web interface password, potentially leading to unauthorized access and account takeover. CISA previously disclosed these as CVE-2026-0646 and CVE-2026-0647. In RSLinx, Rockwell patched an old DoS vulnerability introduced by a third-party component.
Rockwell confirmed that none of the newly addressed security holes have been targeted by threat actors in the wild. However, the company recently acknowledged the in-the-wild exploitation of an older vulnerability, CVE-2021-22681. The patches come as part of the vendor's regular security maintenance cycle, with users urged to apply updates promptly to mitigate potential risks.
The vulnerabilities affect products widely deployed in manufacturing, energy, and other critical infrastructure sectors. CISA distributed Rockwell's advisories but did not publish an advisory of its own for the FactoryTalk Historian flaws. The coordinated disclosure highlights the ongoing challenge of securing legacy and modern ICS components against evolving threats.