All news with #denial-of-service tag

Tue, November 18, 2025

Shelly Pro 4PM DoS Vulnerability (CVE-2025-11243)

⚠ A vulnerability in Shelly Pro 4PM (CVE-2025-11243) can cause device reboots and denial-of-service conditions. Due to insufficient input bounds checking in the device's JSON parser, specially crafted RPC requests can trigger memory overallocation and force a reboot. Devices running firmware prior to v1.6 are affected; CISA notes the vulnerability is exploitable from adjacent networks with low attack complexity. Operators should update to v1.6.0 or later and limit network exposure.

Thu, October 16, 2025

Rockwell ArmorStart AOP: Uncaught Exception Causes DoS

⚠️ A remotely exploitable uncaught exception in Rockwell Automation's ArmorStart AOP for Studio 5000 Logix Designer can trigger a denial-of-service on versions V2.05.07 and earlier. The issue arises from invalid inputs to COM methods and is tracked as CVE-2025-9437 with a CVSS v4 base score of 8.7 (high). Rockwell reports no fix is available; users should apply vendor best practices and minimize network exposure.
