PatchSiren cyber security CVE debrief
CVE-2025-24480 Rockwell Automation CVE debrief
CVE-2025-24480 is a critical remote code execution vulnerability affecting Rockwell Automation FactoryTalk View ME versions prior to 15.0. According to the CISA CSAF advisory, the issue stems from insufficient input sanitation and could allow a remote attacker to run commands or code as a highly privileged user. Rockwell Automation and CISA list version 15.0 or vendor-provided patches as the primary remediation, along with network and physical access controls to reduce exposure.
- Vendor: Rockwell Automation
- Product: FactoryTalk View ME
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-01-28
- Original CVE updated: 2025-01-28
- Advisory published: 2025-01-28
- Advisory updated: 2025-01-28
Who should care
Industrial control system administrators, OT security teams, plant engineers, and incident responders responsible for Rockwell Automation FactoryTalk View ME deployments should prioritize this advisory, especially where affected systems are reachable from broader networks or where local access cannot be tightly controlled.
Technical summary
The advisory describes an externally reachable RCE condition in FactoryTalk View ME before version 15.0. The stated root cause is lack of input sanitation. Impact is severe because successful exploitation may permit command or code execution with high privileges, which aligns with the published CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and score of 9.8. The vendor-listed mitigations are to upgrade to V15.0 or apply the referenced patches, protect network access to the device, strictly constrain invoked function parameters, and control physical access where feasible.
Defensive priority
Immediate. The combination of network attackability, no privileges required, and high impact on confidentiality, integrity, and availability makes this a top-priority OT remediation item. Systems exposed beyond a trusted control network should be addressed first.
Recommended defensive actions
- Upgrade Rockwell Automation FactoryTalk View ME to version 15.0 or apply the vendor patch references listed in the advisory (AID 1152309, 1152331, or 1152332 as applicable).
- Restrict network access to affected devices and place them behind segmented OT network controls.
- Strictly constrain parameters passed to invoked functions, following vendor guidance.
- Control physical access to affected systems where possible.
- Review Rockwell Automation security advisories and implement the vendor's recommended industrial control system security best practices.
- Use SSVC or an equivalent environment-specific process to prioritize remediation across OT assets.
Evidence notes
All substantive claims in this debrief come from the supplied CISA CSAF advisory and associated official references. The advisory identifies Rockwell Automation FactoryTalk View ME versions prior to 15.0 as affected, describes the weakness as lack of input sanitation, and states that a remote attacker could execute commands or code as a highly privileged user. The advisory metadata shows initial publication on 2025-01-28, matching the supplied CVE published date. Remediation text in the source includes upgrade to V15.0 and vendor patch references, plus protections for network and physical access.
Official resources
- CVE-2025-24480 CVE record (CVE.org)
- CVE-2025-24480 NVD detail (NVD)
- Source item URL (cisa_csaf)
CVE-2025-24480 and the CISA CSAF advisory ICSA-25-028-03 were initially published on 2025-01-28.