A high-severity vulnerability in Rockwell Automation Studio 5000 Logix Designer version 30 could allow an attacker to compromise critical industrial control system engineering workstations.

This vulnerability affects version 30 of the Studio 5000 Logix Designer software. While specific technical details are limited in this late disclosure, the High CVSS score suggests a flaw that could allow an attacker to interfere with the engineering of programmable logic controllers (PLCs).

In an industrial environment, a compromise of the engineering workstation is critical. An attacker could potentially modify PLC logic, leading to operational downtime, physical equipment damage, or safety risks. The CVSS score of 7.8 underscores the significant risk to critical infrastructure and manufacturing operations.

Immediate Action: Apply the latest security updates or firmware patches provided by Rockwell Automation for Studio 5000 Logix Designer version 30.

Proactive Monitoring: Monitor network traffic between engineering workstations and PLCs for unauthorized configuration changes or anomalous communication patterns.

Compensating Controls: Ensure engineering workstations are isolated in a secure management VLAN and utilize multi-factor authentication for all access to the ICS environment.

Public Exploit Available: false

We recommend that OT and IT security teams collaborate to patch affected engineering workstations immediately. Maintaining the integrity of the Studio 5000 environment is essential for the safe and reliable operation of industrial processes.