Rockwell

Vendor security scorecard – 8 CVEs in the selected period

Risk: 63
CVEs: 8
Critical: 1
High: 7
KEV: 0
PoC: 0
Unpatched C/H: 8
Patch Rate: 0.0%
Avg EPSS: 0.1%

Severity Breakdown

CRITICAL: 1
HIGH: 7
MEDIUM: 0
LOW: 0

Monthly CVE Trend

Top Risky CVEs

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-3618 | A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. Rated high severity (CVSS 8.5), this vulnerability has low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-3617 | A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. Rated high severity (CVSS 8.5), this vulnerability has low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.0% | 43 | No patch |
| CVE-2025-7025 | A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available. | HIGH | 8.4 | 0.0% | – | No patch |
| CVE-2025-7032 | A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available. | HIGH | 8.4 | 0.0% | – | No patch |
| CVE-2025-7033 | A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available. | HIGH | 8.4 | 0.0% | – | No patch |
| CVE-2025-7353 | A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available. | CRITICAL | 9.3 | 0.6% | – | No patch |
| CVE-2025-9065 | A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available. | HIGH | 8.6 | 0.0% | – | No patch |
| CVE-2025-11918 | Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.1), this vulnerability requires no authentication. No vendor patch available. | HIGH | 7.1 | 0.0% | – | No patch |
