Overview
- Following a multi‑agency warning this week, CISA told operators to remove Rockwell/Allen‑Bradley programmable logic controllers from public internet access and to check traffic on ports 44818, 2222, 102, and 502.
- Censys counted 5,219 Rockwell/Allen‑Bradley hosts exposed online worldwide and reported that roughly 3,900 are in the United States, with large shares riding cellular networks run by Verizon and AT&T.
- The FBI said intruders pulled device project files and altered data shown on HMI and SCADA screens, and federal agencies confirmed some victims suffered operational disruption and financial loss.
- These controllers run pumps, valves, and substations in energy, water, and government facilities, so a compromise can change set points or start and stop equipment in ways that cause real‑world harm.
- Censys found that many devices run end‑of‑life software and expose extra services that widen attack paths. Agencies urged MFA, firmware updates, hardened configurations, offline backups, and log reviews to reduce risk.
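
The traffic check on ports 44818, 2222, 102, and 502 mentioned in the first bullet can be run against perimeter firewall or flow logs. The sketch below is an added example, not code from CISA, Censys, or the original page. The log format, the sample lines, and the internal address ranges are constructed assumptions to adapt to your own environment.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named in the advisory summary; the labels are the ICS services
# commonly associated with each port, added here for readability.
WATCH_PORTS = {44818: "EtherNet/IP", 2222: "EtherNet/IP I/O",
               102: "ISO-TSAP (S7comm)", 502: "Modbus/TCP"}

# Assumption: the site uses RFC 1918 space internally. Adjust to match.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed format: "<timestamp> <action> <proto> <src>:<sport> -> <dst>:<dport>"
LINE = re.compile(r"^(\S+) (ALLOW|DENY) (TCP|UDP) "
                  r"([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

SAMPLE_LOG = """\
2025-01-01T00:00:01Z ALLOW TCP 10.20.0.5:50112 -> 10.20.0.15:44818
2025-01-01T00:00:02Z ALLOW TCP 203.0.113.7:51044 -> 10.20.0.15:44818
2025-01-01T00:00:09Z ALLOW TCP 203.0.113.7:51045 -> 10.20.0.15:44818
2025-01-01T00:01:30Z DENY TCP 198.51.100.23:40001 -> 10.20.0.16:502
2025-01-01T00:01:31Z ALLOW TCP 198.51.100.23:40002 -> 10.20.0.16:443
2025-01-01T00:00:02Z ALLOW TCP 10.20.0.15:44818 -> 203.0.113.7:51044
this line is malformed and is skipped
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL)

def external_plc_hits(log_text):
    # Map (dst, dport) -> [(timestamp, src, action)] for external-to-internal
    # connections that target one of the watched controller ports.
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, action, _proto, src, _sport, dst, dport = m.groups()
        try:
            inbound = not is_internal(src) and is_internal(dst)
        except ValueError:
            continue
        if inbound and int(dport) in WATCH_PORTS:
            hits[(dst, int(dport))].append((ts, src, action))
    return dict(hits)

if __name__ == "__main__":
    for key, events in sorted(external_plc_hits(SAMPLE_LOG).items()):
        print(key, WATCH_PORTS[key[1]], events)
```

Any `ALLOW` entry in the result means a controller port was reachable from outside the internal ranges; `DENY` entries show external attempts that the perimeter blocked.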