In a proactive move aimed at securing critical infrastructure, Rockwell Automation has issued a high-priority “Important Notice” to its global customer base. The advisory comes as the company identifies specific threat actor activity targeting industrial controllers, prompting a stern recommendation to disconnect sensitive Operational Technology (OT) assets from the public internet immediately.
The warning underscores a growing trend in the threat landscape where Programmable Logic Controllers (PLCs)—the silicon brains behind everything from water treatment plants to factory floors—are increasingly becoming primary targets for sophisticated cyber-adversaries.
The advisory is not a response to a single breach, but rather a strategic maneuver to get ahead of observed malicious activity. Rockwell Automation is emphasizing that the security of an installed base depends heavily on removing the most common avenue of attack: direct internet exposure.
“Rockwell Automation has become aware of potential threat actor activity targeting Rockwell Automation controllers. We are reaching out proactively to inform our customers and to provide immediate recommendations for strengthening the security of their installed base.”
By air-gapping these devices, organizations can effectively neutralize remote exploits that rely on scanning the public web for vulnerable industrial hardware.
Rockwell is providing a technical roadmap for hardening industrial environments. The company has outlined three critical steps that administrators should take without delay:
- Eliminate Internet Exposure: “Customers should ensure that controllers are not exposed to the public internet.” This is the single most effective way to prevent remote unauthorized access.
- Enable Native Protections: “Customers should ensure security protections are enabled on their controllers.” This includes utilizing built-in security features detailed in the company’s System Security Design Guidelines.
- Defense-in-Depth: Organizations are encouraged to combine these steps with broader industrial network architectures to segment and protect OT assets from the rest of the corporate network.
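As a concrete check for the first recommendation, the following added example (not Rockwell's tooling and not part of the advisory) audits a controller inventory against perimeter firewall rules and reports any controller that has a public address or is reachable from a non-internal source. The inventory, the rule format, and all addresses are constructed for illustration; it assumes the RFC 1918 ranges are the only internal networks and does not evaluate rule order, so it errs on the side of reporting.

```python
import ipaddress

# Assumption: only RFC 1918 space counts as internal; adjust for your site.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (hypothetical export format, documentation addresses).
CONTROLLERS = {"plc-line1": "10.20.1.15", "plc-pump2": "10.20.2.40",
               "plc-lab": "203.0.113.25"}
RULES = [
    {"id": "r1", "action": "allow", "src": "10.0.0.0/8", "dst": "10.20.1.0/24"},
    {"id": "r2", "action": "allow", "src": "any", "dst": "10.20.2.40/32"},
    {"id": "r3", "action": "deny", "src": "any", "dst": "10.20.1.0/24"},
    {"id": "r4", "action": "allow", "src": "198.51.100.0/24", "dst": "10.20.0.0/16"},
]


def is_internal(net):
    """True only if the whole network sits inside an internal range."""
    return any(net.subnet_of(i) for i in INTERNAL)


def exposure_findings(controllers, rules):
    """Return (controller, finding, detail) tuples for every exposure found."""
    findings = []
    for name, addr in sorted(controllers.items()):
        ip = ipaddress.ip_address(addr)
        # A controller addressed outside internal space is exposed by itself.
        if not is_internal(ipaddress.ip_network(addr)):
            findings.append((name, "public-address", addr))
        for rule in rules:
            if rule["action"] != "allow":
                continue
            src = ipaddress.ip_network(
                "0.0.0.0/0" if rule["src"] == "any" else rule["src"])
            dst = ipaddress.ip_network(rule["dst"])
            # Flag allow rules that let any non-internal source reach the PLC.
            if ip in dst and not is_internal(src):
                findings.append((name, "inbound-from-external", rule["id"]))
    return findings


if __name__ == "__main__":
    for finding in exposure_findings(CONTROLLERS, RULES):
        print(*finding, sep="\t")
```
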
The notice also serves as a reminder of the persistent vulnerabilities that have plagued industrial hardware. Rockwell pointed to a list of previously identified flaws in product lines like the Micro800 and MicroLogix, including:
The accumulation of these risks makes a hardened, disconnected posture essential for national and economic security.
Beyond just disconnecting devices, Rockwell is pushing for a total “defense-in-depth” strategy. This involves not only securing the controllers themselves but also the networks they live on.
“When possible, combine the above guidance with general security guidelines for a comprehensive defense-in-depth strategy. Please refer to our Industrial Network Architectures Page for comprehensive information to help segment and protect your OT assets.”