PatchSiren cyber security CVE debrief
CVE-2025-9368 Rockwell Automation CVE debrief
Rockwell Automation’s 432ES-IG3 Series A is affected by a denial-of-service vulnerability in the GuardLink EtherNet/IP Interface. According to the CISA-republished advisory, the condition can disrupt availability and requires a manual power cycle to restore the device. Rockwell’s documented fix is to update to V2.001.9 or later.
- Vendor
- Rockwell Automation
- Product
- 432ES-IG3 Series A
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-13
- Original CVE updated
- 2026-01-13
- Advisory published
- 2026-01-13
- Advisory updated
- 2026-01-13
Who should care
Industrial control system owners, operators, and maintenance teams using Rockwell Automation 432ES-IG3 Series A devices, especially environments where loss of availability could interrupt operations.
Technical summary
CVE-2025-9368 is a network-reachable availability issue affecting Rockwell Automation 432ES-IG3 Series A. The advisory describes a denial-of-service condition in the GuardLink EtherNet/IP Interface, with recovery requiring a manual power cycle. The provided CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which aligns with a high-severity availability impact and no stated confidentiality or integrity impact.
Defensive priority
High. The issue is easy to reach over the network, can take the device out of service, and requires manual recovery. Update planning should be prioritized for any exposed or production-deployed 432ES-IG3 Series A devices.
Recommended defensive actions
- Upgrade affected 432ES-IG3 Series A devices to Rockwell Automation V2.001.9 or later using the vendor download path provided in the advisory.
- If an immediate upgrade is not possible, follow Rockwell Automation’s security best practices and CISA industrial control systems recommended practices.
- Identify where 432ES-IG3 Series A devices are deployed and confirm whether any are exposed to broader network access than necessary.
- Reduce exposure by limiting access to trusted OT management networks and using appropriate segmentation and defensive monitoring.
- Plan maintenance and recovery procedures with the expectation that a manual power cycle may be required if the denial-of-service condition occurs.
Evidence notes
The source corpus states that CISA republished Rockwell Automation advisory SD1764 as ICSA-26-013-01 on 2026-01-13. The advisory text explicitly says the issue affects 432ES-IG3 Series A, causes a denial-of-service condition, and requires a manual power cycle to recover. Rockwell’s remediation entry recommends updating to V2.001.9 or later. No KEV entry or ransomware-campaign linkage is included in the supplied data.
Official resources
-
CVE-2025-9368 CVE record
CVE.org
-
CVE-2025-9368 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published ICSA-26-013-01 on 2026-01-13 as an initial republication of Rockwell Automation advisory SD1764 for CVE-2025-9368.