CVE-2025-9368
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-9368, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: Rockwell Automation

Description

A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface, resulting in denial-of-service. A manual power cycle is required to recover the device.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-07-06
AI Q&A
2025-12-09
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
rockwell_automation 432es-ig3_series_a 2.001.9
rockwell_automation 432es-ig3_series_a 1.001

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the 432ES-IG3 Series A GuardLink® EtherNet/IP Interface and causes a denial-of-service condition. When exploited, the device stops functioning properly and requires a manual power cycle to recover.

Impact Analysis

The impact of this vulnerability is a denial-of-service, meaning the affected device will become unresponsive and stop working until it is manually power cycled. This can cause operational disruptions and downtime.

Detection Guidance

The vulnerability results in a denial-of-service condition requiring a manual power cycle to recover the device. Detection would involve monitoring for device unresponsiveness or DoS symptoms on the GuardLink EtherNet/IP Interface. No specific detection commands or tools are provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading the affected device software from version 1.001 to the corrected version 2.001.9. No workaround is available. Users should also follow Rockwell Automation's security best practices. If the device becomes unresponsive due to the vulnerability, a manual power cycle is required to recover it. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9368. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart