PatchSiren

CVE-2025-24479 Rockwell Automation CVE debrief

CVE-2025-24479 is a high-severity local code execution issue in Rockwell Automation FactoryTalk View ME versions prior to 15.0, published by CISA on 2025-01-28 in advisory ICSA-25-028-03. The advisory says the problem stems from a default Windows setting and can let a local user reach a command prompt as a higher-privileged user. Rockwell’s guidance is to upgrade to V15.0 or apply the listed patches, and to reduce exposure by limiting physical and network access to affected systems.

Vendor
Rockwell Automation
Product
FactoryTalk View ME
CVSS v3 base score
8.4 (High)
CISA KEV
Not listed in stored evidence
Original CVE published
2025-01-28
Original CVE updated
2025-01-28
Advisory published
2025-01-28
Advisory updated
2025-01-28

Who should care

Organizations running Rockwell Automation FactoryTalk View ME in industrial or HMI environments, especially teams responsible for workstation hardening, local admin controls, physical access control, and patch management.

Technical summary

The advisory describes a local code execution vulnerability in Rockwell Automation FactoryTalk View ME versions prior to 15.0. CISA attributes it to a default Windows setting that lets a user reach a command prompt as a higher-privileged user; the advisory does not name the setting, so the vendor patches or the V15.0 upgrade, rather than an ad hoc configuration change, should be treated as the fix. The published CVSS v3 vector is AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: the attacker needs local access (AV:L) but no prior privileges (PR:N) and no user interaction (UI:N), and the result is full confidentiality, integrity and availability impact. That is a high-impact local issue rather than a remotely exploitable flaw, which is why the base score is 8.4 instead of the 9.8 the same impact would carry with a network attack vector.

Defensive priority

High. The issue is local, but the vector lists no privileges required, so any user who can open a session on the affected workstation can reach a command prompt as a higher-privileged user. In ICS/HMI environments, where operator stations are often shared and physically accessible, that kind of local privilege escalation materially increases operational risk, so upgrading or patching should be prioritized where exposure exists.

Recommended defensive actions

  • Upgrade affected systems to FactoryTalk View ME V15.0.
  • Apply the Rockwell patches referenced in the advisory (AID 1152309, 1152331, and 1152332) where applicable.
  • Control physical access to affected systems.
  • Protect network access to the device.
  • Follow Rockwell Automation’s security best practices for industrial automation control systems.
  • Use environment-specific prioritization methods such as CISA SSVC when determining remediation order.
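The first practical step behind the actions above is finding out which hosts actually run an affected build. The following is an added example, not part of the advisory or of PatchSiren's material, that reads an asset inventory export and classifies each host against the advisory's scope (FactoryTalk View ME, versions prior to 15.0). The CSV content and host names are constructed for illustration, and the host/product/version column layout is an assumption about whatever inventory tool produced the export.

```python
import csv
import io
import re

# Constructed inventory export for illustration only (not real hosts).  The
# column names are an assumption about the asset tool that produced the file.
INVENTORY_CSV = """host,product,version
hmi-line1,FactoryTalk View ME,13.00.00
hmi-line2,FactoryTalk View ME,14.00.00
hmi-line3,FactoryTalk View ME,15.00.00
hmi-pack1,FactoryTalk View SE,14.00.00
eng-ws01,FactoryTalk View ME,15.0
hmi-line4,FactoryTalk View ME,unknown
"""

AFFECTED_PRODUCT = "FactoryTalk View ME"   # the only product the advisory names
FIXED_IN = "15.0"                          # "versions prior to 15.0" are affected


def parse_version(text):
    """'14.00.00' -> (14, 0, 0); None for anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        return None
    return tuple(int(p) for p in text.split("."))


def version_lt(a, b):
    """Numeric comparison of dotted versions, zero-padded so 15.0 == 15.00.00."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def classify(product, version):
    """'affected', 'fixed', 'unknown' or 'out-of-scope' for one inventory row."""
    if product.strip() != AFFECTED_PRODUCT:
        return "out-of-scope"
    v = parse_version(version)
    if v is None:
        return "unknown"   # cannot prove it is fixed; needs a manual check
    return "affected" if version_lt(v, parse_version(FIXED_IN)) else "fixed"


def triage(csv_text):
    """Group host names by classification from a host/product/version CSV."""
    groups = {"affected": [], "fixed": [], "unknown": [], "out-of-scope": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        groups[classify(row["product"], row["version"])].append(row["host"])
    return groups


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY_CSV).items():
        print(f"{status:12s} {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket should be treated as affected until someone checks them; an unparseable version string is not evidence of a fix. FactoryTalk View SE rows are reported as out of scope only because this advisory names ME alone, and the scope should be widened if the vendor lists further products.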

Evidence notes

All statements above are drawn from the CISA CSAF advisory and the supplied advisory metadata. The source names Rockwell Automation FactoryTalk View ME as the affected product, with versions prior to 15.0 impacted. It states the issue is due to a default Windows setting and that the result is command prompt access as a higher-privileged user. The advisory also recommends upgrade to V15.0 or patches AID 1152309 / 1152331 / 1152332, plus physical and network access controls. No exploit technique, weaponization detail, or ransomware linkage is provided in the supplied corpus.

Official resources

Publicly disclosed by CISA in advisory ICSA-25-028-03 on 2025-01-28. This debrief reflects the published advisory date, not any later analysis or publication timing.