These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-9466 affects Rockwell Automation ArmorStart LT and can cause a denial-of-service condition. According to the CISA CSAF advisory published on 2026-01-29, execution of Achilles EtherNet/IP and CIP grammar tests may trigger an unexpected device reboot, taking the Link State Monitor down for several seconds. Rockwell Automation reported no patch or upgrade available at publication and recommended app [truncated]
CVE-2025-9465 is a high-severity availability issue affecting Rockwell Automation ArmorStart LT products. CISA’s republication of Rockwell Automation advisory SD1768 states that, during execution of Achilles Comprehensive grammar tests, the device can reboot unexpectedly and cause the Link State Monitor to go down for several seconds. Rockwell’s guidance at the time was mitigation-focused: there was no pa [truncated]
CVE-2025-9464 is a denial-of-service issue affecting Rockwell Automation ArmorStart LT. According to the CISA advisory, fuzzing multiple CIP classes can make the CIP port unresponsive. The advisory was published on 2026-01-29 and states that no patch or upgrade was available at that time; Rockwell advised applying security best practices to reduce risk.
CVE-2025-9283 describes an availability issue in Rockwell Automation ArmorStart LT. Per the CISA-republished advisory, the device can reboot unexpectedly during Achilles EtherNet/IP Step Limits Storms tests, which causes the Link State Monitor to go down for several seconds. The advisory states that no patch or upgrade is available at the time of publication, and recommends applying security best practice [truncated]
CVE-2025-9282 affects Rockwell Automation ArmorStart LT devices and is described as a denial-of-service issue. In the CISA republished advisory, the device can reboot unexpectedly during Achilles Comprehensive limited storm tests, causing the Link State Monitor to go down for several seconds. Rockwell Automation reported no patch or upgrade at the time of the advisory and recommended applying ICS security [truncated]
CVE-2025-9281 is a denial-of-service issue in Rockwell Automation ArmorStart LT. CISA’s 2026-01-29 advisory says the device can reboot unexpectedly during Achilles Comprehensive step limit storm tests, which causes the Link State Monitor to go down for several seconds. The advisory lists ArmorStart LT 290D, 291D, and 294D as affected and states that no patch or upgrade was available at publication, so ope [truncated]
CVE-2025-9280 describes a denial-of-service condition in Rockwell Automation ArmorStart LT. According to the advisory summary, fuzzing with Defensics can make the device unresponsive and require a reboot. Rockwell states that no patch or upgrade is available at this time and recommends compensating security best practices.
CVE-2025-9279 is a denial-of-service issue affecting Rockwell Automation ArmorStart LT products. In the CISA-republished advisory, the device can reboot unexpectedly during Achilles EtherNet/IP Step Limit Storm testing, which drops the Link State Monitor for several seconds. CISA’s source material lists no patch or upgrade at the time of publication and recommends applying security best practices as a mitigation.
CVE-2025-9278 is a denial-of-service issue in Rockwell Automation ArmorStart LT. According to the advisory text, running a Burp Suite active scan can cause the device to lose ICMP connectivity, which then makes the web application inaccessible. CISA republished the vendor advisory on 2026-01-29 as ICSA-26-029-02.
CVE-2025-14027 covers multiple denial-of-service weaknesses in Rockwell Automation ControlLogix Redundancy Enhanced Modules 1756-RM2 and 1756-RM2XT firmware. According to the CISA CSAF advisory, crafted inputs such as malformed Class 3 messages, memory leak conditions, and other resource-exhaustion scenarios can cause the device to become unresponsive and, in some cases, trigger a major nonrecoverable fau [truncated]
Rockwell Automation CompactLogix 5370 has a denial-of-service vulnerability that can be triggered by a malformed CIP forward open message. According to the CISA advisory, the condition can cause a major nonrecoverable fault and require a restart to recover. Rockwell provides fixed versions for affected branches, and CISA also points readers to Rockwell security guidance for systems that cannot be upgraded [truncated]
CVE-2025-14377 is a high-severity information exposure issue in Rockwell Automation Verve Asset Manager’s legacy Ansible playbook component. According to the CISA republication of the vendor advisory, sensitive information could be incorrectly stored in unencrypted form during playbook execution. Rockwell Automation states the issue was resolved in version 1.42, and that the legacy component became option [truncated]
CVE-2025-14376 was publicly disclosed on 2026-01-20 in CISA's republished advisory for Rockwell Automation Verve Asset Manager. The issue affects the legacy ADI server component, where unencrypted sensitive data was stored in environment variables. Rockwell Automation states the issue was resolved in version 1.42, and that the component became optional beginning with version 1.36 in 2024, which means expo [truncated]
Rockwell Automation’s 432ES-IG3 Series A is affected by a denial-of-service vulnerability in the GuardLink EtherNet/IP Interface. According to the CISA-republished advisory, the condition can disrupt availability and requires a manual power cycle to restore the device. Rockwell’s documented fix is to update to V2.001.9 or later.
CVE-2025-12807 is a high-severity issue in Rockwell Automation FactoryTalk DataMosaix Private Cloud. CISA’s advisory says low-privilege users can perform sensitive database operations through exposed API endpoints. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) scores 8.8, so this should be treated as a serious exposure in environments running the affected product. The advisory’s revis [truncated]
Rockwell Automation FactoryTalk Policy Manager is affected by CVE-2024-22019, a network-reachable denial-of-service issue in Node.js HTTP server handling of chunked encoding. According to the CISA CSAF advisory, a specially crafted HTTP request can cause the server to read an unbounded number of bytes from a single connection via chunk extension processing, which can exhaust CPU and network bandwidth and [truncated]
CVE-2025-9177 is a denial-of-service issue in Rockwell Automation’s 1715 EtherNet/IP Comms Module. According to the CISA CSAF advisory, a high volume of requests can crash the module’s web server. The advisory states that I/O control and communication are not impacted, but the webpage is unavailable until the device is power-cycled.
