← Back to home
ICSA-16-224-02A  ·  Published 2025-06-09  ·  View on CISA ICS-CERT ↗

Rockwell Automation RSLogix 500 and RSLogix Micro File Parser Buffer Overflow Vulnerability (Update A)

CVSS 8.6 HIGH

CVEs (1)

Remediations

  • Users using affected versions of RSLogix 500 and RSLogix Micro are encouraged to update to Version 11.00.00 that addresses associated risk and includes added improvements to further harden the software and enhance its resilience against similar malicious attacks. Version 11.00.00 can be found on Rockwell Automation’s web site at the following URL with a valid account: (http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=rslogix%20500&crumb=112)
  • Users of RSLogix Micro Version 8.40.00 or RSLogix 500 Version 8.40.00 may apply patch KB878490 until they are able to update to Version 11.00.00. This patch can be found on Rockwell Automation’s web site at the following URL with a valid account: (https://rockwellautomation.custhelp.com/app/answers/detail/a_id/878490)
  • Do not open untrusted RSS files with RSLogix 500 and RSLogix Micro. Run all software as user, not as an administrator to minimize the impact of malicious code on the infected system. Use trusted software, software patches, and anti-virus/anti-malware programs, and interact only with trusted web sites and attachments. Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack. Use of Microsoft AppLocker or other similar whitelisting application can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at the following URL with a valid account: (https://rockwellautomation.custhelp.com/app/answers/detail/a_id/546989) Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. Locate control system networks and devices behind firewalls, and isolate them from the business network. When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices. For more information on this issue, please see Rockwell Automation’s publication 898582 on its web site at: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/898582

Affected Vendors

Rockwell Automation

Affected Products (5)

Rockwell Automation · RSLogix Micro Starter Lite <=10.00.00
Rockwell Automation · RSLogix Micro Developer <=10.00.00
Rockwell Automation · RSLogix 500 Starter Edition <=10.00.00
Rockwell Automation · RSLogix 500 Standard Edition <=10.00.00
Rockwell Automation · RSLogix 500 Professional Edition <=10.00.00

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more