All news with #rockwell automation tag

AADvance Trusted SIS Workstation: Rockwell Automation Flaw

⚠️ Rockwell Automation's AADvance-Trusted SIS Workstation has a directory traversal vulnerability (CWE-22) in DotNetZip (v1.16.0 and earlier) that can enable remote code execution if a user opens a crafted file. The issue is tracked as CVE-2024-48510 and has a CVSS v4 base score of 8.6 (CVSS v3.1 8.8). Affected versions are 2.00.00 through 2.00.04; Rockwell reports the defect is corrected in Version 2.01.00. Users unable to immediately upgrade should follow vendor guidance, minimize network exposure of control devices, isolate control networks, use secure remote access, and contact Rockwell support for assistance.

Rockwell Studio 5000 Simulation Interface Vulnerabilities

⚠️ Rockwell Automation disclosed two local vulnerabilities in Studio 5000 Simulation Interface (version 2.02 and earlier) that allow path traversal–based local code execution (CVE-2025-11696) and a local SSRF that can trigger outbound SMB requests for NTLM hash capture (CVE-2025-11697). Both issues carry high severity (CVSS v4: 9.3 and 8.8) and are exploitable by low-complexity local attackers. Rockwell recommends upgrading to version 3.0.0 or later; CISA advises isolating control system networks, minimizing exposure, and following secure remote-access practices.

CISA Releases 18 Industrial Control Systems Advisories

🔔 CISA released 18 Industrial Control Systems (ICS) advisories addressing security flaws across a broad set of vendors and product families. The advisories cover firmware, application software, and cloud services used in operational technology and industrial environments, including products from Siemens, Rockwell Automation, AVEVA, and Mitsubishi Electric. Administrators should review the advisories for technical details and apply vendor mitigations, patches, and compensating controls promptly to reduce risk to availability and safety.

Rockwell FactoryTalk Policy Manager DoS Vulnerability

⚠ Rockwell Automation reported a remotely exploitable vulnerability (CVE-2024-22019) in FactoryTalk Policy Manager that can lead to resource exhaustion and denial of service. The issue stems from Node.js HTTP handling of chunked transfer encoding (CWE-404) that permits unbounded reads from a single connection. Affected releases include Version 6.51.00 and earlier; Rockwell corrected the issue in Version 6.60.00. CISA assigns a high severity rating (CVSS v4 8.7) and recommends upgrading, minimizing network exposure, and isolating control networks behind firewalls.

Rockwell Automation FactoryTalk DataMosaix Vulnerabilities

🔒 Rockwell Automation disclosed multiple vulnerabilities in FactoryTalk DataMosaix Private Cloud that can enable MFA bypass and persistent cross-site scripting. The issues, tracked as CVE-2025-11084 and CVE-2025-11085, affect 7.11 and selected 8.x releases and carry CVSS v4 scores up to 8.6, indicating high severity. Rockwell has released patches and CISA advises applying updates, minimizing network exposure, and isolating control networks to reduce remote exploitation risk.

Rockwell Automation Verve Asset Manager Access Control Flaw

🔒 Rockwell Automation disclosed an Incorrect Authorization vulnerability in Verve Asset Manager that allows unauthorized read‑only users to read, update, and delete user accounts via the product API. The issue is tracked as CVE-2025-11862 and CISA reports a CVSS v4 base score of 8.4, noting remote exploitability and low attack complexity. Affected releases include versions 1.33 through 1.41.3; Rockwell fixed the flaw in 1.41.4 and 1.42. Administrators should prioritize updates and apply network mitigations to limit exposure.

Rockwell Automation 1783-NATR: Critical Remote Flaws

⚠️ Rockwell Automation's 1783-NATR network adapter contains multiple high-severity vulnerabilities, including missing authentication for critical functions, stored XSS, and CSRF. CISA assigns CVSS v4 9.9 for the most severe issue and warns these flaws can be exploited remotely with low complexity to cause denial-of-service, data modification, or credential compromise. Rockwell Automation recommends upgrading to 1.007 or later; CISA advises minimizing network exposure and isolating control networks.

Rockwell Compact GuardLogix 5370 Uncaught Exception

⚠️ Rockwell Automation has disclosed an uncaught exception vulnerability in Compact GuardLogix 5370 controllers that can be triggered by a crafted CIP unconnected explicit message and may cause a non‑recoverable fault resulting in denial-of-service. The issue is tracked as CVE-2025-9124 and carries a CVSS v4 base score of 8.7, indicating remote exploitability with low complexity. Rockwell recommends upgrading affected devices to firmware 30.14 or later; organizations unable to upgrade should follow vendor security best practices and apply network isolation measures.

CISA Releases 10 ICS Advisories Covering Multiple Vendors

🔔 CISA released 10 Industrial Control Systems (ICS) advisories providing technical details about vulnerabilities, impacts, and mitigations affecting multiple vendors. Notable entries include Rockwell Automation products (1783-NATR, Compact GuardLogix 5370), Siemens devices (SIMATIC S7-1200, RUGGEDCOM ROS), Schneider Electric Modicon controllers and HMI software, plus camera and networking products. Administrators should review each advisory and apply recommended mitigations promptly.

Rockwell FactoryTalk Linx MSI Privilege Chaining Flaw

⚠️ Rockwell Automation disclosed two privilege-chaining vulnerabilities in FactoryTalk Linx (versions 6.40 and prior) that allow authenticated Windows users to escalate to SYSTEM privileges by hijacking MSI repair console windows. The issues are tracked as CVE-2025-9067 and CVE-2025-9068 and carry a CVSS v4 base score of 8.5 (CVSS v3.1 7.8). Rockwell recommends applying the Microsoft MSI patch and upgrading to FactoryTalk Linx 6.50 or later; CISA notes these flaws are not remotely exploitable and no public exploitation has been reported.

CISA Issues Thirteen ICS Advisories on October 16, 2025

🔔 CISA released thirteen Industrial Control Systems (ICS) advisories on October 16, 2025, providing details on vulnerabilities and mitigations affecting multiple vendors. The advisories cover products from Rockwell Automation (FactoryTalk View Machine Edition, Linx, ViewPoint, ArmorStart AOP), Siemens (Solid Edge, SiPass Integrated, SIMATIC ET 200SP Communication Processors, SINEC NMS, TeleControl Server Basic, HyperLynx and Industrial Edge App Publisher), Hitachi Energy (MACH GWS), and updates for Schneider Electric and Delta Electronics. Administrators and operators are urged to review the technical details and apply recommended mitigations to reduce exposure and maintain operational continuity.

Rockwell FactoryTalk ViewPoint XML External Entity Flaw

🔒 Rockwell Automation reported a FactoryTalk ViewPoint XML External Entity (XXE) vulnerability (CVE-2025-9066) that can be exploited remotely with low attack complexity to induce a temporary denial-of-service via crafted SOAP requests. Affected devices include PanelView Plus 7 terminals (version 14 and prior). Rockwell released firmware fixes and patches, and CISA recommends minimizing network exposure, isolating control networks, and applying vendor updates promptly. The vulnerability is scored CVSS v4 8.7 (CVSS v3.1 7.5).

Rockwell Automation PanelView and FactoryTalk ME Flaws

🔒 Rockwell Automation disclosed vulnerabilities in FactoryTalk View Machine Edition and PanelView Plus 7 that can allow unauthorized access to device file systems and diagnostic data. CVE-2025-9064 is a network-exploitable path traversal issue; CVE-2025-9063 is an improper-authorization flaw tied to an ActiveX control. Rockwell recommends installing provided firmware and software updates, and CISA advises minimizing network exposure, isolating control networks, and using secure remote access.

Rockwell ArmorStart AOP: Uncaught Exception Causes DoS

⚠️ A remotely exploitable uncaught exception in Rockwell Automation's ArmorStart AOP for Studio 5000 Logix Designer can trigger a denial-of-service on versions V2.05.07 and earlier. The issue arises from invalid inputs to COM methods and is tracked as CVE-2025-9437 with a CVSS v4 base score of 8.7 (high). Rockwell reports no fix is available; users should apply vendor best practices and minimize network exposure.

Rockwell 1715 EtherNet/IP Module: CVE-2025-9177/9178

⚠️ Rockwell Automation disclosed two remotely exploitable vulnerabilities in the 1715 EtherNet/IP Comms Module (versions 3.003 and earlier) that have a CVSS v4 base score of 7.7. One issue (CWE-770, CVE-2025-9177) allows resource exhaustion of the device web server causing a crash; the other (CWE-787, CVE-2025-9178) permits crafted CIP payloads to trigger an out-of-bounds write and loss of CIP communication. Rockwell has released firmware version 3.011 to address both flaws; operators who cannot immediately upgrade should implement recommended network segmentation, firewalling, and secure remote-access controls.

CISA Releases ICS Advisory for Rockwell 1715 Module

🔔 CISA published one Industrial Control Systems advisory on October 14, 2025, identifying a vulnerability in the Rockwell Automation 1715 EtherNet/IP Communications Module (ICSA-25-287-01). The advisory summarizes affected firmware and configurations and provides technical details to assess exposure. It recommends prioritized mitigations, including vendor updates, network segmentation, and access restrictions, and urges administrators to review and implement the guidance promptly.

Rockwell Stratix Devices Vulnerable to SNMP Stack Overflow

⚠️ Rockwell Automation has published an advisory for Stratix switches informing operators of a stack-based buffer overflow in the SNMP subsystem derived from Cisco IOS XE (CVE-2025-20352). A remote, authenticated attacker with knowledge of SNMPv2c read-only community strings or valid SNMPv3 credentials could cause a denial-of-service, while administrative (privilege 15) credentials may permit arbitrary code execution as root. Affected models include Stratix 5700, 5400, 5410, 5200, and 5800; Rockwell and CISA recommend applying Cisco workarounds, implementing network isolation, using secure remote access, and following Rockwell advisory SD1749.

CISA Publishes Four ICS Advisories on October 9, 2025

🔔 CISA released four Industrial Control Systems (ICS) Advisories on October 9, 2025, covering vulnerabilities in Hitachi Energy Asset Suite, Rockwell Automation Lifecycle Services with Cisco, Rockwell Automation Stratix, and an update to Mitsubishi Electric Multiple FA Products. Each advisory provides technical details, risk ratings, and recommended mitigations. Administrators and asset owners should review the advisories promptly and apply mitigations or vendor patches to reduce exposure. CISA emphasizes timely review and implementation to protect operational environments.

Rockwell Automation Lifecycle Services SNMP Overflow

⚠️ Rockwell Automation reports a stack-based buffer overflow in its Lifecycle Services with Cisco offerings related to the Cisco IOS XE SNMP subsystem (CVE-2025-20352). An authenticated remote actor with low privileges can trigger a denial-of-service, and an actor with higher privileges and administrative access may achieve arbitrary code execution as root. A CVSS v4 score of 6.3 and a CVSS v3 score of 7.7 are provided. Rockwell and Cisco publish updates and mitigations; CISA advises minimizing network exposure and applying vendor fixes or recommended workarounds.

CISA Issues Two New ICS Advisories for Delta, Rockwell

🛡️ CISA released two Industrial Control Systems advisories on October 7, 2025, addressing security issues in Delta Electronics DIAScreen and an updated advisory for Rockwell Automation 1756-EN4TR/1756-EN4TRXT. The notices provide technical details, vulnerability descriptions, and recommended mitigations to reduce exposure in operational environments. Administrators and users are urged to review the advisories and apply mitigations promptly to protect ICS assets.