Rockwell Automation has confirmed a serious injection vulnerability in Stratix IOS that affects multiple Stratix switch families and can be exploited remotely to upload and run malicious configurations without authentication; CISA has republished Rockwell’s advisory and assigned CVE‑2025‑7350 with a CVSS v3.1 base score of 9.6 and a CVSS v4 base score of 8.6, and Rockwell recommends immediate upgrade to Stratix IOS 15.2(8)E6 or later.
Background / Overview
Industrial networking gear used at operational technology (OT) edges is a frequent target for attackers because it sits on the critical path between controllers, HMIs, and plant-floor instruments. Rockwell Automation’s Stratix line—widely deployed in critical manufacturing environments—runs a version of Cisco IOS internally for many features. A parsing or command handling flaw in that embedded IOS code family has been traced to an improper neutralization of special elements vulnerability (CWE‑74) that impacts Stratix devices, specifically Stratix IOS versions 15.2(8)E5 and prior. The vulnerability is tracked as CVE‑2025‑7350 and is the focus of coordinated vendor and CISA advisories. This article unpacks what is known about the Stratix IOS vulnerability, who and what is affected, the technical nature of the risk, recommended mitigations and patch guidance, practical hardening steps for operational teams, and the likely attack scenarios and operational impacts organizations should prepare for. Where vendor or public details are incomplete, those points are explicitly flagged so asset owners can perform their own impact assessments.Executive summary — what operators need to know now
- Severity: High — CVSS v3.1 base score 9.6, CVSS v4 base score 8.6 indicates remote exploitability with significant confidentiality, integrity, and availability impacts.
- Affected product family: Stratix IOS — versions 15.2(8)E5 and prior (Stratix 5410, 5700, 8000 families explicitly called out).
- Vulnerability type: Injection (CWE‑74) — improper neutralization of special elements in output used by a downstream component; can allow an attacker to upload and execute malicious configurations.
- Exploitability: Remote; low attack complexity; no authentication required for the core condition identified.
- Vendor guidance: Upgrade Stratix IOS to 15.2(8)E6 or later where available; when immediate upgrade is infeasible, apply network hardening and isolation per Rockwell/CISA guidance. (cisa.gov, cisa.gov, cisa.gov, rockwellautomation.com, cisa.gov)
Independent vendors and security outlets have historically tracked Stratix‑embedded IOS problems because of the re‑use of Cisco code, and Cisco's own security advisories for IOS/NX‑OS/NX‑OS components are useful to review for cross‑corroborating technical details where the Stratix advisory references Cisco‑origin flaws. Reviewing Cisco advisories for any related IOS/XE code fixes can help determine whether additional hardening steps or configuration changes at the IOS feature level are warranted. (cisco.com)
Practical mitigation and patch guidance — prioritized checklist
The single most effective action is firmware upgrade. Rockwell and CISA both recommend updating to Stratix IOS 15.2(8)E6 or later when that build is available and validated for your hardware revision. Follow Rockwell’s published FRN and release notes for the exact download and installation steps for your model. (cisa.gov, cisa.gov, compatibility.rockwellautomation.com, cisa.gov)
Source: CISA Rockwell Automation Stratix IOS | CISA
