CISA has published an advisory on a deserialization of untrusted data vulnerability in Rockwell Automation Factory Talk Diagnostics. All versions are affected. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges. Rockwell Automation is currently working to develop updated software that addresses the reported vulnerability. Rockwell Automation recommends affected users implement the compensating controls, based on their needs. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!