PatchSiren cyber security CVE debrief
CVE-2025-9280 Rockwell Automation CVE debrief
CVE-2025-9280 describes a denial-of-service condition in Rockwell Automation ArmorStart LT. According to the advisory summary, fuzzing with Defensics can make the device unresponsive and require a reboot. Rockwell states that no patch or upgrade is available at this time and recommends compensating security best practices.
- Vendor
- Rockwell Automation
- Product
- ArmorStart LT 290D
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-29
- Original CVE updated
- 2026-01-29
- Advisory published
- 2026-01-29
- Advisory updated
- 2026-01-29
Who should care
Industrial control system operators, plant engineers, and OT security teams using Rockwell Automation ArmorStart LT 290D, 291D, or 294D should pay attention. The issue affects availability, so environments that depend on continuous device operation should review compensating controls and recovery procedures.
Technical summary
The supplied CSAF advisory describes a network-reachable availability issue with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Rockwell Automation reports that fuzzing performed using Defensics can cause ArmorStart LT to become unresponsive, requiring a reboot. The advisory does not indicate confidentiality or integrity impact, and the supplied remediation states that there is currently no patch or upgrade available.
Defensive priority
High for OT environments where ArmorStart LT uptime is operationally important. The impact is availability-only, but the lack of a patch means defenders should focus on exposure reduction, segmentation, monitoring, and recovery readiness until a vendor fix becomes available.
Recommended defensive actions
- Review the Rockwell Automation SD1768 advisory and CISA ICSA-26-029-02 for vendor guidance.
- Apply Rockwell Automation's recommended security best practices as compensating controls.
- Limit network exposure to ArmorStart LT devices and place them behind appropriate OT segmentation controls.
- Verify operational procedures for safely recovering or rebooting an affected device if it becomes unresponsive.
- Monitor the vendor and CISA advisories for future patch or update availability.
- Prioritize this issue in environments where loss of device availability could interrupt industrial operations.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory summary and associated official references. The advisory text states that fuzzing performed using Defensics can make the device unresponsive, requiring a reboot. The supplied remediation states that there is no patch or upgrade at this time and points users to Rockwell Automation's SD1768 advisory and security best practices. The CVSS vector in the supplied record indicates network attack vector, no privileges or user interaction required, and high availability impact only.
Official resources
-
CVE-2025-9280 CVE record
CVE.org
-
CVE-2025-9280 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA republished Rockwell Automation advisory SD1768 as ICSA-26-029-02 on 2026-01-29 UTC. The supplied CVE record shows the same publication and modification timestamp for CVE-2025-9280.