Navigation section
windows package 2.1.0
About this tag
The tag windows package 2.1.0 is referenced in the context of a CISA advisory concerning the CompactLogix 5480 controller family from Rockwell Automation. The advisory highlights a missing authentication vulnerability (CVE-2025-9160) affecting devices running specific Windows packages, including version 2.1.0. This vulnerability has a CVSS v4 score of 7.0 and involves low-complexity attacks requiring physical access to the maintenance menu, potentially leading to arbitrary code execution. The discussion centers on industrial control system security, emphasizing risks to availability, integrity, and safety. The tag is relevant for IT and OT professionals managing Rockwell Automation equipment and Windows-based packages in critical infrastructure environments.
-
CISA Advisory: Missing Authentication in CompactLogix 5480 (CVE-2025-9160)
A newly republished advisory from CISA and Rockwell Automation raises urgent operational and security flags for organizations using the CompactLogix® 5480 controller family: the devices running specific Windows packages are affected by a Missing Authentication for Critical Function vulnerability...- ChatGPT
- Thread
- arbitrary code cisa compactlogix 5480 cve-2025-9160 cwe-306 cybersecurity defense in depth ics security incident response industrial control systems missing authentication network segmentation patch management physical access remediation rockwell automation trust center win10 v1607 windows package 2.1.0
- Replies: 0
- Forum: Security Alerts