A recently republished CISA advisory warns that Rockwell Automation’s FactoryTalk Linx contains a serious improper access control flaw that—when triggered by setting Node.js’ process.env.NODE_ENV to "development"—can disable FTSP token validation and allow an attacker to create, update, or...
Rockwell’s advisory republication this week exposes a subtle but serious weakness in FactoryTalk Linx that—if present in your environment—lets an attacker bypass FTSP token validation and perform privileged driver management actions, and CISA is clear: update to FactoryTalk Linx v6.50 as the...