CVE-2025-9368
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: Rockwell Automation

Description
A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface, resulting in denial-of-service. A manual power cycle is required to recover the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-9368
EUVD
EUVD-2025-202154
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
rockwell_automation 432es-ig3_series_a 2.001.9
rockwell_automation 432es-ig3_series_a 1.001
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the 432ES-IG3 Series A GuardLink® EtherNet/IP Interface and causes a denial-of-service condition. When exploited, the device stops functioning properly and requires a manual power cycle to recover.

Impact Analysis

The impact of this vulnerability is a denial-of-service, meaning the affected device will become unresponsive and stop working until it is manually power cycled. This can cause operational disruptions and downtime.

Detection Guidance

The vulnerability results in a denial-of-service condition requiring a manual power cycle to recover the device. Detection would involve monitoring for device unresponsiveness or DoS symptoms on the GuardLink EtherNet/IP Interface. No specific detection commands or tools are provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading the affected device software from version 1.001 to the corrected version 2.001.9. No workaround is available. Users should also follow Rockwell Automation's security best practices. If the device becomes unresponsive due to the vulnerability, a manual power cycle is required to recover it. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9368. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart