CVSS 98 Rockwell Automation Impacted By High Severity Log4net Vulnerability
Query
// https://securityonline.info/9-8-cvss-score-rockwell-automation-impacted-by-high-severity-log4net-vulnerability/
// https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1728.html
DeviceInfo
| where Vendor has "rockwell"
| summarize arg_max(TimeGenerated, *) by DeviceIdExplanation
This KQL (Kusto Query Language) query is designed to analyze data related to devices from Rockwell Automation. Here's a simple breakdown of what the query does:
-
Data Source: The query is pulling data from a table or dataset named
DeviceInfo. -
Filter: It filters the data to only include entries where the
Vendorfield contains the word "rockwell". This means it is specifically looking for devices associated with Rockwell Automation. -
Summarize: The query then summarizes the data by finding the most recent entry (based on
TimeGenerated) for each uniqueDeviceId. Thearg_max(TimeGenerated, *)function is used to achieve this, which selects the row with the maximumTimeGeneratedvalue for eachDeviceId.
In summary, this query retrieves the latest information for each Rockwell Automation device from the dataset.
Details

Steven Lim
Released: May 22, 2025
Tables
Keywords
Operators