Denial-of-Service Vulnerability in 432ES-IG3 Series A (CVE-2025-9368)

Updated December 9, 2025 at 09:02 PM | 2 sources

A high-severity vulnerability, tracked as CVE-2025-9368, has been identified in the 432ES-IG3 Series A GuardLink® EtherNet/IP Interface. This flaw allows remote attackers to trigger a denial-of-service condition, requiring a manual power cycle to restore device functionality. The issue was discovered during internal testing and has been acknowledged by Rockwell Automation, which has released a security advisory confirming the vulnerability and its impact.

No exploitation in the wild has been reported, and according to the vendor the vulnerability has been corrected. No workarounds are currently available, and affected product versions have not been explicitly listed. Organizations using the 432ES-IG3 Series A are advised to review the official Rockwell Automation advisory and apply any recommended mitigations or updates to reduce the risk of service disruption.

Related Stories

Denial-of-Service Vulnerability in Rockwell Automation Compact GuardLogix 5370

A high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2025-9124, has been identified in Rockwell Automation's Compact GuardLogix 5370 programmable logic controllers (PLCs). The vulnerability arises when the device receives a specifically crafted CIP (Common Industrial Protocol) unconnected explicit message, which can trigger a major non-recoverable fault in the controller. This fault condition can render the affected PLC inoperable until it is manually reset or serviced, potentially disrupting industrial automation processes that rely on these controllers for safety and operational continuity. The vulnerability is remotely exploitable, meaning an attacker does not require physical access to the device to trigger the fault. Rockwell Automation has acknowledged the issue and published a security advisory (SD1755) to inform customers and provide guidance. The advisory confirms that the vulnerability has been corrected in updated product versions, though no workaround is available for unpatched systems. There is currently no evidence that this vulnerability has been exploited in the wild, and it is not listed as a Known Exploited Vulnerability (KEV) by Rockwell Automation. The company emphasizes the importance of applying the corrective updates to mitigate the risk. The vulnerability has been assigned a CVSS 4.0 base score of 8.7, indicating a high level of risk due to the potential for significant operational impact. The affected product line, Compact GuardLogix 5370, is widely used in industrial environments for safety-critical automation tasks. Details about the specific affected versions have not been disclosed in the public advisories, but customers are urged to consult Rockwell Automation's official channels for the most current information. The vulnerability was disclosed and remediated on October 14, 2025, with both the CVE and the vendor advisory published on the same day. 
Rockwell Automation's Product Security Incident Response Team (PSIRT) is credited as the source of the vulnerability report. Customers are advised to review their deployment of Compact GuardLogix 5370 controllers and apply the recommended updates as soon as possible to prevent potential service interruptions. The absence of a workaround underscores the urgency of patching, as operational continuity could be at risk if the vulnerability is exploited. Organizations should also review their network segmentation and access controls to limit exposure of industrial control systems to untrusted networks.

5 months ago

Denial-of-Service Vulnerabilities in Rockwell Automation 1715 EtherNet/IP Comms Module

Rockwell Automation has disclosed two denial-of-service (DoS) vulnerabilities affecting its 1715 EtherNet/IP Comms Module, specifically versions 3.003 and prior. The vulnerabilities, identified as CVE-2025-9177 and CVE-2025-9178, were detailed in advisories released by both Rockwell Automation and the Cybersecurity and Infrastructure Security Agency (CISA) on October 14, 2025. The first vulnerability involves allocation of resources without limits or throttling (CWE-770), which allows a remote attacker to crash the web server by sending a high volume of requests. Although this crash does not impact I/O control or communication, a power cycle is required to restore web server functionality. The second vulnerability is an out-of-bounds write (CWE-787) that can be triggered through crafted CIP communication payloads, also resulting in a denial-of-service condition. Both vulnerabilities are exploitable remotely with low attack complexity, and no user interaction or privileges are required for exploitation. CISA assigned a CVSS v4 base score of 7.7 to CVE-2025-9177, indicating a high severity risk. Rockwell Automation has confirmed that these vulnerabilities have not been exploited in the wild as of the advisory date. The company has released corrected versions to address the issues, but no workarounds are available for affected systems. CISA has urged users and administrators of the 1715 EtherNet/IP Comms Module to review the advisories and apply mitigations as soon as possible. The vulnerabilities do not affect the core operational functions of the module, but the loss of web server access could hinder remote management and monitoring. Both advisories emphasize the importance of timely patching and following best practices for securing industrial control systems. The vulnerabilities highlight ongoing risks in industrial automation environments, where denial-of-service attacks can disrupt visibility and management even if core processes remain unaffected. 
Organizations using the affected modules are advised to assess their exposure and implement the recommended updates. The advisories also serve as a reminder of the need for robust network segmentation and monitoring in operational technology environments. Rockwell Automation has provided detailed technical information and remediation guidance in its product advisory. CISA’s alert reinforces the urgency of addressing these vulnerabilities to prevent potential operational disruptions. The coordinated disclosure and response demonstrate the critical role of vendor and government collaboration in protecting industrial control systems.

5 months ago

CISA ICS Advisories Flag High-Severity DoS Flaws in Rockwell Automation ArmorStart LT and ControlLogix

CISA published ICS advisories warning that multiple **Rockwell Automation** products contain remotely triggerable vulnerabilities that can cause **denial-of-service (DoS)** conditions. In *ArmorStart LT* (models **290D/291D/294D** running **<= v2.002**), CISA lists multiple CVEs (including **CVE-2025-9464/9465/9466** and **CVE-2025-9278** through **CVE-2025-9283**) tied to **uncontrolled resource consumption** (CWE-400). The issue can be triggered during fuzzing of multiple **CIP** classes, causing the device’s CIP port to become unresponsive; CISA rates the condition **CVSS 7.5 (HIGH)**. A separate CISA advisory covers *ControlLogix* **1756-RM2** and **1756-RM2XT** Redundancy Enhanced Modules (firmware **all versions**) impacted by **CVE-2025-14027**, described as resource-exhaustion and memory-management problems (CWE-401) that can be triggered via crafted inputs such as malformed **Class 3** messages. Exploitation may render devices unresponsive and can lead to a major nonrecoverable fault requiring a restart; CISA also rates this **CVSS 7.5 (HIGH)** and notes broad deployment across multiple critical infrastructure sectors. A separate report about a **Johnson Controls Metasys** **SQL injection** vulnerability (**CVE-2025-26385**, **CVSS 10**) is a different vendor/product and is not part of the Rockwell advisories described above.

1 month ago
