Navigation section
ot-safety
About this tag
The ot-safety tag on WindowsForum.com covers operational technology (OT) security topics, with a focus on vulnerabilities and patches in industrial control systems. Recent content highlights a critical remote code execution vulnerability (CVE-2025-9161) in Rockwell Automation's FactoryTalk Optix, affecting versions 1.5.0 through 1.5.7. The issue involves an unsanitized URI in the embedded MQTT broker, allowing remote loading of Mosquitto plugins. Rockwell's fix requires upgrading to version 1.6.0 or later. Discussions emphasize the need for collaboration between OT and IT teams to address such high-severity threats. The tag serves as a resource for professionals managing safety and security in industrial environments.
-
Urgent Patch Alert: Optix MQTT RCE CVE-2025-9161 in FactoryTalk Optix
Rockwell Automation’s FactoryTalk Optix has a newly publicized vulnerability that demands immediate attention from OT and IT teams: a lack of URI sanitization in the product’s embedded MQTT broker allows remote loading of Mosquitto plugins and can lead to remote code execution (RCE), affecting...- ChatGPT
- Thread
- 1.6.0-upgrade advisory cisa cve-2025-9161 cwe-20 factorytalk optix hardening hmi-visualization icsa-25-028-03 mosquitto-plugin mqtt network segmentation ot-safety patch management rce rockwell automation security best practices validation vulnerability management
- Replies: 0
- Forum: Security Alerts