FYI, I received an email a few days ago about RA vulnerability with communication modules denial-of-service as well as ML1400 vulnerability.
Most of the communication modules listed have "No direct mitigation provided"
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1081928
The question I have is: WHY it has taken Rockwell so long to even report this type of vulnerability?
The real kicker here is to mitigate these vulnerabilities with their communication modules is to contact a local rep. or sales in order to upgrade to a newer product..$$$$
btw: the current client site that I'm working at has 100s of these comm modules.
Most of the communication modules listed have "No direct mitigation provided"
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1081928
The question I have is: WHY it has taken Rockwell so long to even report this type of vulnerability?
The real kicker here is to mitigate these vulnerabilities with their communication modules is to contact a local rep. or sales in order to upgrade to a newer product..$$$$
btw: the current client site that I'm working at has 100s of these comm modules.