CVE-2025-9160
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-09
Assigner: Rockwell Automation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockwell_automation | compactlogix | 37.011 |
| rockwell_automation | windows_10_iot_enterprise | 2.1.0 |
| rockwell_automation | compactlogix | 32 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Rockwell Automation's CompactLogix 5480 controllers running specific software versions on Windows 10 IoT Enterprise. An attacker with physical access can exploit the controller's maintenance menu by using a specially crafted payload, which leads to arbitrary code execution. Essentially, the attacker can run unauthorized code on the device due to missing authentication for critical functions. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker with physical access to execute arbitrary code on the affected controller. This could lead to unauthorized control or manipulation of the device, potentially disrupting operations or causing unsafe conditions in environments relying on these controllers. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying affected Rockwell Automation CompactLogix 5480 controllers running software versions 32 through 37.011 with the Windows package (2.1.0) on Windows 10 version 1607. Since the vulnerability requires physical access and exploitation of the maintenance menu with a crafted payload, network-based detection commands are not specified. Users should verify device catalog numbers (5069-L430ERMW, 5069-L450ERMW, 5069-4100ERMW, 5069-L4200ERMW, 5069-L46ERMW) and software versions to assess exposure. No specific detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting physical access to affected controllers to prevent exploitation via the maintenance menu. Since no software fix is currently available, users should follow Rockwell Automationβs system security design guidelines and best security practices. Contacting Rockwell Automation TechConnect for support and guidance is also recommended. [1]