Skip to main content

Rockwell

Vendor security scorecard – 7 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 59
7
CVEs
1
Critical
6
High
0
KEV
0
PoC
7
Unpatched C/H
0.0%
Patch Rate
0.2%
Avg EPSS

Severity Breakdown

CRITICAL
1
HIGH
6
MEDIUM
0
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-11917 Arbitrary file write in Rockwell Automation FactoryTalk ThinManager allows an authenticated attacker to abuse a path traversal flaw in the software's API, saving files outside the application's intended directory into restricted system locations. Because CWE-22 file-write primitives on a Windows-based OT management server commonly enable code execution or service disruption, this carries an integrity and availability impact (CVSS 4.0 base 7.2). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. HIGH 7.2 0.3% 36
No patch
CVE-2025-7025 A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available. HIGH 8.4 0.0% –
No patch
CVE-2025-7032 A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available. HIGH 8.4 0.0% –
No patch
CVE-2025-7033 A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available. HIGH 8.4 0.0% –
No patch
CVE-2025-7353 A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. CRITICAL 9.3 0.6% –
No patch
CVE-2025-9065 A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. HIGH 8.6 0.0% –
No patch
CVE-2025-11918 Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available. HIGH 7.1 0.0% –
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy