ICSA-25-317-06 · Published 2025-11-13 · View on CISA ICS-CERT ↗

Rockwell Automation Studio 5000 Simulation Interface

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow attackers to trigger outbound SMB requests to capture NTLM hashes and execute scripts with Administrator privileges upon system reboot.

CVEs (2)

CVE-2025-11696 CVE-2025-11697

Remediations

Rockwell Automation recommends that users upgrade to version 3.0.0 or later.
Users who are unable to upgrade to the corrected version are encouraged to follow Rockwell Automation's security best practices.

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · Studio 5000 Simulation Interface <=2.02

Affected Sectors

Chemical, Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more