ICSA-25-091-01
·
Published 2025-04-01
·
View on CISA ICS-CERT ↗
Rockwell Automation Lifecycle Services with Veeam Backup and Replication
CVSS 9.9
CRITICAL
Risk Summary
Successful exploitation of this vulnerability could allow an attacker with administrative privileges to execute code on the target system.
CVEs (1)
Remediations
- Users with an active Rockwell Automation Infrastructure Managed Service contract:
- Rockwell Automation will contact impacted users to discuss actions needed for remediation efforts.
- Users without Rockwell Automation managed services contract, refer to Veeam's advisories below:
- Support Content Notification - Support Portal – Veeam support portal
- Veeam Backup & Replication CVE-2025-23120
- Additionally, users of the affected software who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices where possible.
- For more information refer to Rockwell Automation's security advisory.
Affected Vendors
Rockwell Automation
Affected Products (2)
Rockwell Automation
·
Industrial Data Center (IDC) with Veeam
>=Generations_1|<=Generations_5
Rockwell Automation
·
VersaVirtual Appliance (VVA) with Veeam
>=Series_A|<=Series_C
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more