ICSA-25-282-02 · Published 2025-10-09
Rockwell Automation Lifecycle Services with Cisco
CVSS 7.7
HIGH
CISA KEV — Known Exploited
Risk Summary
Successful exploitation of this vulnerability could result in arbitrary code execution.
CVEs (1)
Remediations
- Rockwell Automation recommends users take the following actions based on their situation.
  - Users with an active Rockwell Automation Infrastructure Managed Service contract:
    - Contact Rockwell Automation to discuss actions needed for remediation efforts.
  - Users without a Rockwell Automation managed services contract should refer to Cisco's workarounds below:
    - Cisco's Workarounds
- Additionally, users of the affected software who are unable to upgrade to one of the corrected versions are encouraged to apply security best practices, where possible.
  - Security Best Practices
- For more information about this issue, see the advisory on the Rockwell Automation security page.
Affected Vendors
Rockwell Automation
Affected Products (4)
- Rockwell Automation · Industrial Data Center (IDC) with Cisco Switching · >=Generations_1|<=5
- Rockwell Automation · IDC-Managed Support contract with Cisco Switching · >=Generations_1|<=5
- Rockwell Automation · Network-Managed Support contract with Cisco network switch · vers:all/*
- Rockwell Automation · Firewall-Managed Support contract with Cisco firewall · vers:all/*
Affected Sectors
Critical Manufacturing