On July 11, 2024, Rockwell Automation reported critical vulnerabilities in FactoryTalk System Services and Policy Manager, impacting version 6.40 of both products. These flaws involve improper privilege management, carry a CVSS v4 score of 6.0, and could allow unauthorized access to private keys. This exposure may enable attackers to impersonate resources on a secured network.
The vulnerabilities, tracked as CVE-2024-6325 and CVE-2024-6236, involve insecure storage of private keys and temporary exposure of those keys during backup processes; a malicious user who obtains them could compromise network security. Rockwell Automation, headquartered in the United States, has issued updates and recommended mitigations to address these issues.
Users are advised to update to FactoryTalk System Services and Policy Manager version 6.40.01 and follow a detailed process to clear outdated security configurations. Implementing these updates and adhering to best practices will help secure the network and protect against potential exploitation.
CISA recommends minimizing network exposure and using secure remote access methods like VPNs to further protect against these vulnerabilities. Organizations should conduct impact assessments and follow cybersecurity strategies to ensure robust defenses against potential threats.