ICSA-25-028-03  ·  Published 2025-01-28  ·  Source: CISA ICS-CERT

Rockwell Automation FactoryTalk

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute code on the device with elevated privileges.

Remediations

  • Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible:
      • CVE-2025-24479: upgrade to V15.0 or apply patch in AID 1152309; control physical access to the system.
      • CVE-2025-24480: upgrade to V15.0 or apply patch in AID 1152331, 1152332; protect network access to the device; strictly constrain the parameters of invoked functions.
  • For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement its suggested security best practices to minimize the risk of these vulnerabilities.
  • Stakeholder-Specific Vulnerability Categorization (SSVC) can be used to generate more environment-specific prioritization.
  • For more information about this issue, see the advisory on the Rockwell Automation security page.

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · FactoryTalk View ME, versions prior to 15.0
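As an added example (not part of the CISA or Rockwell Automation advisory), the following Python checks an asset inventory against the affected range above and reports which hosts need the V15.0 upgrade. The `host,product,version` inventory format, the hostnames and the version numbers are constructed for the example; version strings are assumed to be dotted numeric, and they are compared numerically rather than as strings because a lexical comparison would wrongly treat 9.00 as newer than 15.0. Only FactoryTalk View ME is flagged, since that is the only product the advisory names.

```python
"""Triage an asset inventory against ICSA-25-028-03 (FactoryTalk View ME < 15.0)."""
from dataclasses import dataclass

# Facts taken from the advisory above.
AFFECTED_PRODUCT = "FactoryTalk View ME"
FIXED_VERSION = "15.0"
CVES = ("CVE-2025-24479", "CVE-2025-24480")


def parse_version(text: str) -> tuple[int, ...]:
    """Convert a dotted version string such as '13.00.00' into a tuple of ints.

    A numeric tuple is needed because a plain string comparison gets the order
    wrong ('9.00' > '15.0' lexically). Non-digit characters inside a component
    are ignored, and missing components are padded with zeros so that '15.0'
    and '15.00.00' compare equal.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(product: str, version: str) -> bool:
    """True when the product/version pair falls inside the advisory's affected range."""
    return product == AFFECTED_PRODUCT and parse_version(version) < parse_version(FIXED_VERSION)


@dataclass(frozen=True)
class Finding:
    host: str
    version: str
    cves: tuple[str, ...]
    remediation: str


def triage(inventory_csv: str) -> list[Finding]:
    """Parse 'host,product,version' lines (a hypothetical inventory format) and
    return one Finding per affected host. Comment and malformed lines are skipped."""
    findings = []
    for line in inventory_csv.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        fields = [field.strip() for field in line.split(",", 2)]
        if len(fields) != 3:
            continue
        host, product, version = fields
        if is_affected(product, version):
            findings.append(Finding(host, version, CVES,
                                    f"Upgrade {AFFECTED_PRODUCT} to V{FIXED_VERSION}"))
    return findings


# Constructed sample inventory; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = """\
# host,product,version
hmi-line1,FactoryTalk View ME,13.00.00
hmi-line2,FactoryTalk View ME,9.00.00
hmi-line3,FactoryTalk View ME,15.00.00
scada-01,FactoryTalk View SE,12.00.00
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.host}: {AFFECTED_PRODUCT} {f.version} affected by "
              f"{', '.join(f.cves)}; {f.remediation}")
```

Running the block as a script lists hmi-line1 and hmi-line2; hmi-line3 is already on 15.00.00 and scada-01 runs a product the advisory does not cover.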

Affected Sectors

Critical Manufacturing
