PatchSiren cyber security CVE debrief
CVE-2025-24482 Rockwell Automation CVE debrief
CVE-2025-24482 is a high-severity local code injection issue in Rockwell Automation FactoryTalk View Site Edition affecting all versions prior to 15.0. CISA says incorrect default permissions can allow DLLs to be executed with higher-level permissions. Rockwell’s guidance is to upgrade to V15.0 or apply the patch and use compensating controls such as restricting physical access and limiting access to Port 8091.
- Vendor
- Rockwell Automation
- Product
- FactoryTalk View Site Edition
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-01-28
- Original CVE updated
- 2025-01-28
- Advisory published
- 2025-01-28
- Advisory updated
- 2025-01-28
Who should care
OT/ICS defenders, plant and engineering workstation administrators, Rockwell FactoryTalk View Site Edition operators, and patch-management teams should prioritize this advisory. Incident response teams should also review any shared or locally accessible workstations running affected versions.
Technical summary
The advisory describes a local code injection weakness in Rockwell Automation FactoryTalk View Site Edition products before version 15.0. According to the supplied source, the issue stems from incorrect default permissions and can allow DLLs to execute with higher-level permissions. The CVSS 3.1 vector is 7.3 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H), indicating a locally exploitable issue with meaningful integrity and availability impact.
Defensive priority
High. Prioritize remediation on any affected workstation or engineering system that could be accessed by a local user or attacker, especially in environments where physical access or shared accounts are possible.
Recommended defensive actions
- Upgrade FactoryTalk View Site Edition to V15.0 or apply the vendor patch (Rockwell Answer ID 1152304 / 1152306, as applicable).
- Check environment variable PATH ordering and ensure the FactoryTalk View SE installation path (C:\Program Files (x86)\Common Files\Rockwell) appears before other paths.
- Protect physical access to the workstation running the affected software.
- Restrict access to Port 8091 at the network or workstation level.
- Follow Rockwell’s industrial security best practices and, where appropriate, use CISA SSVC to prioritize remediation by your specific environment.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-028-04 and the supplied source item for CVE-2025-24482. The source states that Rockwell Automation FactoryTalk View Site Edition versions prior to 15.0 are affected, the weakness is due to incorrect default permissions, and DLLs may execute with higher-level permissions. The vendor remediations listed in the source include upgrading to V15.0 or applying the patch, checking PATH ordering, protecting physical access, and restricting Port 8091.
Official resources
-
CVE-2025-24482 CVE record
CVE.org
-
CVE-2025-24482 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA in ICS Advisory ICSA-25-028-04 on 2025-01-28. The supplied corpus does not show KEV listing or ransomware campaign use.