Rockwell Automation — Vulnerabilities & Security Advisories (266)

Browse all 266 CVE security advisories affecting Rockwell Automation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rockwell Automation specializes in industrial automation and information integration, providing critical control systems for manufacturing and process industries. Its software portfolio, including FactoryTalk and PlantPAx, manages complex operational technology environments, making it a high-value target for threat actors seeking to disrupt industrial infrastructure. Historical vulnerability data reveals a prevalence of remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from legacy components or insufficient input validation in web-based interfaces. Notable incidents include the 2018 discovery of backdoors in FactoryTalk View SE, which allowed unauthorized access to industrial control systems. These vulnerabilities highlight the persistent risk of insecure default configurations and unpatched legacy systems within industrial networks. The sheer volume of recorded CVEs underscores the complexity of securing interconnected OT/IT environments, where updates must balance operational continuity with rigorous security hygiene to prevent catastrophic physical or data breaches.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-0647 | Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities | FLEX I/O EtherNet/IP Adapters | CWE-306 | - | - | 2026-06-16 |
| CVE-2026-0646 | Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities | FLEX I/O EtherNet/IP Adapters | CWE-401 | - | - | 2026-06-16 |
| CVE-2025-14272 | Rockwell Automation FactoryTalk Analytics PavilionX | FactoryTalk Analytics PavilionX | CWE-862 | - | - | 2026-06-16 |
| CVE-2025-13036 | Rockwell Automation FactoryTalk Historian Site Edition - Authentication Bypass | FactoryTalk Historian SE | CWE-362 | - | - | 2026-06-16 |
| CVE-2026-9307 | Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities | CompactLogix 5370 | CWE-497 | - | - | 2026-06-16 |
| CVE-2025-11694 | Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities | CompactLogix 5370 | CWE-354 | - | - | 2026-06-16 |
| CVE-2026-11317 | Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP | CompactLogix, ControlLogix | CWE-404 | - | - | 2026-06-16 |
| CVE-2025-9283 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | ArmorStart® LT | CWE-400 | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-9282 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | ArmorStart® LT | CWE-400 | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-9281 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | ArmorStart® LT | CWE-400 | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-9280 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | ArmorStart® LT | CWE-400 | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-14027 | Rockwell Automation Recommends Upgrading From 1756-RM2 XT To 1756-RM3 XT | ControlLogix® Redundancy Enhanced Module | CWE-401 | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-9279 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | ArmorStart® LT | CWE-400 | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-9278 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | ArmorStart® LT | CWE-400 | 6.5 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-9466 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | ArmorStart® LT | CWE-400 | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-11743 | Rockwell Automation CompactLogix® 5370 Denial of Service Vulnerability | CompactLogix® 5370 | CWE-1284 | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-9465 | ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | ArmorStart® LT | CWE-400 | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-9464 | Rockwell Automation ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities | ArmorStart® LT | CWE-400 | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-14377 | Verve Asset Manager – Plaintext Storage Vulnerabilities | Verve Asset Manager | CWE-312 | 5.5 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-14376 | Verve Asset Manager – Plaintext Storage Vulnerabilities | Verve Asset Manager | CWE-922 | 6.5 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-13824 | Micro820®, Micro850®, Micro870® – Specialized Fuzzing Vulnerabilities | Micro820®, Micro850®, Micro870® | CWE-763 | 7.5 (AI) | High (AI) | 2025-12-15 |
| CVE-2025-13823 | Micro820®, Micro850®, Micro870® – Specialized Fuzzing Vulnerabilities | Micro820®, Micro850®, Micro870® | CWE-1395 | 7.5 (AI) | High (AI) | 2025-12-15 |
| CVE-2025-9368 | 432ES-IG3 Series A Denial-of-Service Vulnerability | 432ES-IG3 Series A | CWE-770 | 7.5 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-12807 | FactoryTalk® DataMosaix™ Private Cloud SQL Injection | FactoryTalk® DataMosaix™ Private Cloud | CWE-89 | 8.8 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-11918 | Rockwell Automation Arena® Simulation Stack-Based Buffer Overflow Vulnerability | Arena® Simulation | CWE-121 | 7.3 | - | 2025-11-14 |
| CVE-2025-11697 | Studio 5000 ® Simulation Interface Local Code Execution | Studio 5000 ® Simulation Interface | CWE-200 | 7.8 | - | 2025-11-11 |
| CVE-2025-11696 | Studio 5000 ® Simulation Interface SSRF | Studio 5000® Simulation Interface™ | CWE-22 | 6.5 | - | 2025-11-11 |
| CVE-2025-11862 | Verve Asset Manager Access Control Vulnerability | Verve Asset Manager | CWE-863 | 8.8 | - | 2025-11-11 |
| CVE-2025-11085 | FactoryTalk® DataMosaix™ Private Cloud – Persistent XSS | FactoryTalk® DataMosaix™ Private Cloud | CWE-116 | 6.1 | - | 2025-11-11 |
| CVE-2025-11084 | FactoryTalk® DataMosaix™ Private Cloud – Authentication Bypass | FactoryTalk® DataMosaix™ Private Cloud | CWE-1390 | 7.4 | - | 2025-11-11 |

This page lists every published CVE security advisory associated with Rockwell Automation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.