Critical Vulnerabilities Found in Rockwell FactoryTalk AssetCentre

ID: 893c702e-28b9-51e6-b810-81b860c060b4

STIX ID: report--893c702e-28b9-51e6-b810-81b860c060b4

Feed Name: Claroty Team82

Threat Score: 90/100

Date Published: 2023-10-31

Date Updated: 2026-04-17

Author: Amir Preminger; Sharon Brizinov

Claroty (Team82) disclosed nine critical CVSS‑10 vulnerabilities in Rockwell Automation's FactoryTalk AssetCentre (v10 and earlier), including multiple deserialization issues, SQL injection, and an OS command injection. These pre‑authentication flaws could allow unauthenticated remote code execution on AssetCentre servers and agents, enabling attackers to compromise engineering workstations and PLCs across OT networks; Rockwell released fixes and recommends upgrading to v11 and applying secure configurations (SSL/IPSec) as mitigations.
