All news with #rockwell automation tag

CISA Publishes Ten New ICS Advisories — Sept 30, 2025

🔔 On September 30, 2025, CISA released ten Industrial Control Systems advisories summarizing current security issues, vulnerabilities, and known exploits affecting a range of ICS products. The advisories cover MegaSys Enterprises, multiple Festo devices, OpenPLC_V3, National Instruments Circuit Design Suite, LG Innotek cameras, and updates for Keysight Ixia, HEIDENHAIN, and Rockwell Automation. Administrators are urged to review the technical details and apply recommended mitigations promptly to reduce operational risk.

Rockwell ControlLogix 5580 NULL Pointer DoS Vulnerability

⚠️ A NULL pointer dereference vulnerability (CVE-2025-9166) in Rockwell Automation ControlLogix 5580 version 35.013 can cause the controller to enter a major, nonrecoverable fault resulting in denial of service. CISA reports a CVSS v4 base score of 8.2 and notes remote exploitability with low attack complexity. Rockwell recommends updating to version 35.014 or later and applying security best practices; CISA advises minimizing network exposure, isolating control networks, and using secure remote access methods.

Rockwell Automation CompactLogix 5480 Code Execution Flaw

⚠️ Rockwell Automation's CompactLogix® 5480 controllers (versions 32–37.011 with Windows package 2.1.0 on Windows 10 v1607) contain a Missing Authentication for Critical Function vulnerability (CVE-2025-9160). An attacker with physical access could abuse the controller's maintenance menu to execute arbitrary code. CVSS scores are v3: 6.8 and v4: 7.0, and CISA reports the flaw is not remotely exploitable with no public exploitation reported. Rockwell and CISA recommend applying published security best practices and minimizing network exposure.

Rockwell Automation FactoryTalk Optix MQTT RCE Vulnerability

⚠️ Rockwell Automation disclosed an input-validation defect in the FactoryTalk Optix MQTT broker that can enable remote code execution by loading remote Mosquitto plugins due to lack of URI sanitization. The issue affects versions 1.5.0 through 1.5.7; Rockwell recommends upgrading to 1.6.0 or later. CISA assigned CVE-2025-9161, reports a CVSS v4 base score of 7.3, and advises network segmentation and access restrictions; no public exploitation has been reported.

Rockwell Stratix IOS Injection Vulnerability Advisory

⚠️ Rockwell Automation has published an advisory for an injection vulnerability in Stratix IOS (≤15.2(8)E5) that could allow an attacker to upload and run malicious configurations without authentication. The issue is tracked as CVE-2025-7350 and carries a CVSS v4 base score of 8.6, with remote exploitability and low attack complexity. Rockwell released an update; users should upgrade to 15.2(8)E6 or later. If updating is not immediately possible, follow vendor best practices and CISA's network-segmentation and access-control recommendations.

Rockwell Automation FactoryTalk Authentication Flaw

🔒 A cryptographic implementation error in Rockwell Automation's FactoryTalk Activation Manager v5.00 can allow attackers to decrypt communications, enabling data exposure, session hijacking, or full communication compromise. The issue is tracked as CVE-2025-7970 with a CVSS v4 base score of 8.7 and is exploitable remotely with low attack complexity. Users should update to Version 5.02 or later and follow vendor security guidance.

CISA Releases Fourteen ICS Advisories — September 9, 2025

🔔 CISA released fourteen Industrial Control Systems (ICS) advisories on September 9, 2025, providing timely information on security issues, vulnerabilities, and potential exploits affecting critical industrial products. The set includes advisories for Rockwell Automation (ThinManager, Stratix IOS, FactoryTalk families, CompactLogix, ControlLogix, Analytics LogixAI, 1783-NATR), Mitsubishi Electric, Schneider Electric, ABB, and others. Administrators are urged to review the advisories for technical details, CVE references, and recommended mitigations, and to prioritize patching, configuration changes, and compensating controls to reduce operational risk.

Rockwell 1783-NATR Memory Corruption Vulnerability

🔒 Rockwell Automation released a security update for 1783-NATR to remediate a memory corruption issue stemming from a Wind River VxWorks calloc() allocator flaw. The vulnerability (CVE-2020-28895) can produce smaller-than-expected allocations, enabling memory corruption and potential remote exploitation with low attack complexity. Rockwell published firmware 1.007 to correct the defect; customers unable to upgrade should follow Rockwell's security best practices and apply the network and access mitigations recommended by CISA.

Rockwell ThinManager SSRF Exposes NTLM Hashes Remotely

🔒 Rockwell Automation’s ThinManager contains a server-side request forgery (SSRF) vulnerability (CVE-2025-9065) affecting versions 13.0 through 14.0 that can expose the ThinServer service account NTLM hash. Authenticated attackers can trigger SMB authentication by specifying external SMB paths, causing NTLM challenge/response data to be leaked. Rockwell addressed the issue in ThinManager 14.1 and recommends upgrading; temporary mitigations include blocking NTLM over SMB, isolating control networks, and using secure remote access.

Rockwell Analytics LogixAI Redis Exposure Vulnerability

🔒 Rockwell Automation disclosed a vulnerability in Analytics LogixAI (versions 3.00 and 3.01) caused by an over-permissive Redis instance that can expose sensitive system information to an intranet attacker. Tracked as CVE-2025-9364, the issue carries a CVSS v3.1 score of 8.8 and a CVSS v4 score of 8.7 and may permit data access and modification when exploited from an adjacent network with low attack complexity. Rockwell has published fixes in versions 3.02 and later and advises customers to apply updates where possible; CISA reiterates standard mitigations such as minimizing network exposure, isolating control networks behind firewalls, and maintaining secure remote access practices.

Rockwell Automation FLEX 5000 I/O: Input Validation Flaw

⚠️ Rockwell Automation has disclosed two improper input validation vulnerabilities in the FLEX 5000 I/O modules (5069-IF8 and 5069-IY8) assigned CVE-2025-7861 and CVE-2025-7862. Successful exploitation can remotely induce a fault state that requires a power cycle to recover, producing a denial-of-service condition. Both issues carry elevated CVSS v4 scores (8.7) and are exploitable with low attack complexity. Rockwell recommends upgrading affected modules to V2.012 or later and following established security best practices.

Rockwell Viewpoint Privilege Escalation Security Advisory

🛡️ Rockwell Automation's FactoryTalk Viewpoint (version 14.00 and earlier) contains a privilege-escalation vulnerability tracked as CVE-2025-7973 that arises from improper handling of MSI repair operations. An attacker who can trigger a repair can hijack the SYSTEM-run cscript.exe console to spawn an elevated command prompt, enabling full privilege escalation; CVSS v4 is 8.5 (low attack complexity). Update to 15.00 or apply vendor-recommended mitigations; the issue is not remotely exploitable and no public exploitation has been reported.

Rockwell FactoryTalk Linx Access Control Flaw Risk

⚠️ Rockwell Automation's FactoryTalk Linx contains an improper access control vulnerability in the Network Browser that can be triggered by changing process.env.NODE_ENV to 'development', which disables FTSP token validation. An attacker with local access could create, modify, or delete Linx drivers on affected systems running versions prior to 6.50. The issue is tracked as CVE-2025-7972 (CVSS v4: 8.4) and Rockwell advises updating to 6.50 or applying recommended mitigations and network isolation.

Rockwell Micro800 Series: Critical Remote Exploitation Risk

⚠️ Rockwell Automation's Micro800 family contains multiple high-severity vulnerabilities (CVSS v4 9.3) that could be exploited remotely to achieve code execution or privilege escalation. Affected models include Micro820, Micro850, and Micro870 series on specified firmware versions; impacts stem from flaws in Azure RTOS NetX Duo and ThreadX and malformed CIP packets. Rockwell and CISA advise updating to V23.011+ where available, applying vendor fixes for CVE-2023-48691/48692/48693 and CVE-2025-7693, minimizing network exposure, and performing risk assessments before deployment.