rockwell automation

On October 2024 advisories from both Rockwell Automation and the Cybersecurity and Infrastructure Security Agency (CISA) brought renewed attention to a family of denial‑of‑service vulnerabilities that affect the Logix family of controllers — including the widely deployed ControlLogix 5580 line —...

Rockwell Automation’s CompactLogix 5370 line has been flagged in a coordinated advisory as vulnerable to a denial-of-service condition when sent a malformed Common Industrial Protocol (CIP) forward open message, an issue tracked as CVE‑2025‑11743 and rated with a CVSS v3.1 base score of 6.5. The...

Rockwell Automation has published an urgent advisory after internal fuzz-testing uncovered two controller defects that can crash or fault Micro800-series devices: an IPv6 stack fault that produces recoverable controller faults (CVE-2025-13823) and a malformed-CIP handling flaw that can drive...

A remotely exploitable denial‑of‑service flaw in Rockwell Automation’s Compact GuardLogix® 5370 — tracked as CVE‑2025‑9124 — can be triggered by a crafted CIP unconnected explicit message and may drive affected controllers into a major non‑recoverable fault, forcing manual recovery and program...

Rockwell Automation has confirmed a denial‑of‑service vulnerability in the Studio 5000 Logix Designer add‑on profile (AOP) for the ArmorStart Classic distributed motor controller that can be triggered by feeding invalid values into Component Object Model (COM) methods; the issue is tracked as...

Rockwell Automation has confirmed two high-severity denial-of-service vulnerabilities in the 1715 EtherNet/IP Communications Module that can be exploited remotely and have been assigned CVE‑2025‑9177 and CVE‑2025‑9178; vendor fixes are available in firmware/software version 3.011 and later...

Rockwell Automation’s FactoryTalk Analytics LogixAI has a serious configuration weakness that demands immediate attention from OT and IT teams: CISA republished an advisory assigning CVE-2025-9364 to an overly permissive Redis instance used by LogixAI, calling out exposure of sensitive system...

Rockwell Automation’s ControlLogix 5580 family has a newly republished advisory that raises the alarm for industrial operators: a remotely exploitable NULL pointer dereference in firmware version 35.013 can force a major nonrecoverable fault (MNRF) on affected controllers, producing a...

Rockwell Automation’s FactoryTalk Optix has a newly publicized vulnerability that demands immediate attention from OT and IT teams: a lack of URI sanitization in the product’s embedded MQTT broker allows remote loading of Mosquitto plugins and can lead to remote code execution (RCE), affecting...

CISA’s September 9, 2025 bulletin consolidating fourteen Industrial Control Systems advisories is a blunt reminder that the OT security landscape remains both crowded and volatile — the list spans high‑impact Rockwell Automation products, ABB building‑management gear, Schneider and Mitsubishi...

A recently republished U.S. federal advisory warns that Rockwell Automation’s FactoryTalk Activation Manager contains a cryptographic implementation flaw that can be exploited remotely to decrypt or tamper with activation and management traffic — an issue assigned CVE‑2025‑7970 and rated with a...

Rockwell Automation’s 1783‑NATR I/O adapter has been flagged by CISA as vulnerable to a third‑party component flaw that can cause memory corruption, carrying a CVSS v4 base score of 6.9 and described as remotely exploitable with low attack complexity — operators should treat it as an immediate...

A newly republished advisory from CISA and Rockwell Automation raises urgent operational and security flags for organizations using the CompactLogix® 5480 controller family: the devices running specific Windows packages are affected by a Missing Authentication for Critical Function vulnerability...

Rockwell Automation has confirmed a serious injection vulnerability in Stratix IOS that affects multiple Stratix switch families and can be exploited remotely to upload and run malicious configurations without authentication; CISA has republished Rockwell’s advisory and assigned CVE‑2025‑7350...

A critical local privilege‑escalation flaw has been disclosed in Rockwell Automation’s FactoryTalk ViewPoint (versions 14.00 and prior) that allows an attacker with local access to escalate to SYSTEM by abusing Windows MSI repair behavior — the issue is tracked as CVE‑2025‑7973 and has been...

CISA’s August 14 advisory bundle is a wake-up call for every industrial operator: thirty-two separate Industrial Control Systems (ICS) advisories were published, covering a sweeping range of Siemens and Rockwell products — from PLC simulators and engineering platforms to rugged network gear and...

A recently republished CISA advisory warns that Rockwell Automation’s FactoryTalk Linx contains a serious improper access control flaw that—when triggered by setting Node.js’ process.env.NODE_ENV to "development"—can disable FTSP token validation and allow an attacker to create, update, or...

Rockwell Automation’s Micro800 line of programmable logic controllers (PLCs) has been the subject of a high-severity U.S. Cybersecurity and Infrastructure Security Agency (CISA) advisory republished on August 14, 2025, warning that multiple remotely exploitable vulnerabilities tied to Azure RTOS...

Rockwell Automation has issued—and CISA has republished—an advisory warning that specific 1756-series communication modules can enter a Major Non‑Recoverable fault or crash when presented with malformed or concurrent Forward Close messages, creating a practical denial‑of‑service risk for...

A high-severity privilege-escalation flaw has been disclosed in Rockwell Automation’s FactoryTalk ViewPoint that allows a local attacker to escalate to SYSTEM privileges by abusing Windows MSI repair behavior; the issue (CVE-2025-7973) carries a CVSS v4 base score of 8.5 and affects FactoryTalk...