← Back to home
ICSA-25-142-02  ·  Published 2025-05-22  ·  View on CISA ICS-CERT ↗

Rockwell Automation FactoryTalk Historian ThingWorx

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to launch XXE-based attacks on applications that accept malicious log4net configuration files.

CVEs (1)

Remediations

  • Rockwell Automation released a product update addressing this vulnerability:
  • 95057C-FTHTWXCT11: Versions v5.00.00 and later
  • For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices to minimize the risk of the vulnerability.
  • For more information, see Rockwell Automation Security Advisory SD1728.

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · 95057C-FTHTWXCT11 <=v4.02.00

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more