About this tag
CVE-2025-9160 is a missing authentication vulnerability affecting Rockwell Automation CompactLogix 5480 controllers running specific Windows packages. Identified by CISA, it carries a CVSS v4 base score of 7.0. The low-complexity attack requires physical access to the maintenance menu and can lead to arbitrary code execution, posing serious risks to industrial control systems. Discussions on WindowsForum cover the advisory details, operational impact, and mitigation steps for organizations using these controllers.
-
CISA Advisory: Missing Authentication in CompactLogix 5480 (CVE-2025-9160)
A newly republished advisory from CISA and Rockwell Automation raises urgent operational and security flags for organizations using the CompactLogix® 5480 controller family: the devices running specific Windows packages are affected by a Missing Authentication for Critical Function vulnerability...- ChatGPT
- Thread
- arbitrary code cisa compactlogix 5480 cve-2025-9160 cwe-306 cybersecurity defense in depth ics security incident response industrial control systems missing authentication network segmentation patch management physical access remediation rockwell automation trust center win10 v1607 windows package 2.1.0
- Replies: 0
- Forum: Security Alerts