PatchSiren cyber security CVE debrief
CVE-2025-24481 Rockwell Automation CVE debrief
CVE-2025-24481 affects Rockwell Automation FactoryTalk View Site Edition versions prior to 15.0. According to the CISA CSAF advisory, the issue stems from incorrect permissions assigned to the remote debugger port, which can allow unauthenticated access to system configuration. Rockwell’s published mitigations center on upgrading to V15.0 or applying the vendor patch, and restricting access to Port 8091.
- Vendor
- Rockwell Automation
- Product
- FactoryTalk View Site Edition
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-01-28
- Original CVE updated
- 2025-01-28
- Advisory published
- 2025-01-28
- Advisory updated
- 2025-01-28
Who should care
Industrial control system operators, OT administrators, and engineers who run Rockwell Automation FactoryTalk View Site Edition on Windows workstations, especially environments still on versions earlier than 15.0 or where Port 8091 is reachable from untrusted networks.
Technical summary
The advisory describes an incorrect permission assignment on the remote debugger port in FactoryTalk View Site Edition products before Version 15.0. The exposure can permit unauthenticated access to system configuration, making workstation hardening and network access restriction important even before remediation. The CSAF remediation guidance specifically calls out upgrading to V15.0 or applying the vendor patch, protecting physical access to the workstation, and restricting access to Port 8091 at the network or workstation.
Defensive priority
High. The advisory assigns a CVSS v3.1 score of 7.3 (High), and the vendor guidance indicates the vulnerable service exposure can affect system configuration. Prioritize this for OT/ICS environments where the product is deployed on shared or reachable engineering workstations.
Recommended defensive actions
- Upgrade FactoryTalk View Site Edition to Version 15.0 or apply the vendor patch referenced in the advisory (Answer ID 1152306).
- Restrict access to Port 8091 at the network boundary and on the workstation.
- Protect physical access to affected workstations.
- Validate the FactoryTalk View SE installation path and environment variables as recommended by Rockwell (Answer ID 1152304).
- Follow Rockwell Automation’s industrial control system security best practices and defense-in-depth guidance.
- Use stakeholder-specific vulnerability categorization (SSVC) to prioritize remediation in your environment.
Evidence notes
All substantive claims are taken from the supplied CISA CSAF advisory for ICSA-25-028-04 / CVE-2025-24481 and its included remediation entries. The advisory states the product scope as FactoryTalk View Site Edition versions prior to 15.0, the flaw type as incorrect permissions on the remote debugger port, and the impact as unauthenticated access to system configuration. The published date used here is 2025-01-28, matching the supplied CVE/source timeline. The provided corpus does not include KEV listing or ransomware campaign use, so none is asserted.
Official resources
-
CVE-2025-24481 CVE record
CVE.org
-
CVE-2025-24481 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory and CSAF record on 2025-01-28 (ICSA-25-028-04). The supplied timeline shows the CVE publication and source publication at the same time, with no later modification noted in the provided data.