SD1768 | Security Advisory | Rockwell Automation

Severity:

High

Advisory ID:

SD1768

Published Date:

January 20, 2026

Last Updated:

January 20, 2026

Revision Number:

1.0

Known Exploited Vulnerability (KEV):

Corrected:

Workaround:

CVE IDs

CVE-2025-9464 ,

CVE-2025-9465,

CVE-2025-9466,

CVE-2025-9278,

CVE-2025-9279,

CVE-2025-9280,

CVE-2025-9281,

CVE-2025-9282,

CVE-2025-9283

Downloads

The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:

JSON

Summary

ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities

The security of our products is important to us as your industrial automation supplier. This security issue was found internally during routine testing and is being reported based on our commitment to customer transparency and improvement of all business environments.

Product Description

ArmorStart® LT is a compact, pre-engineered distributed motor control solution designed for material handling applications, offering full-voltage, reversing, or variable speed motor control with integrated network connectivity and IP66-rated enclosures for on-machine use.

Affected products and solution

Affected Product	CVE	Affected Software Version	Corrected in Software Version	Affected Catalogs
ArmorStart® LT	CVE-2025-9464	V2.002 and below	Not available	290D, 291D, 294D
ArmorStart® LT	CVE-2025-9465	V2.002 and below	Not available	290D, 291D, 294D
ArmorStart® LT	CVE-2025-9466	V2.002 and below	Not available	290D, 291D, 294D
ArmorStart® LT	CVE-2025-9278	V2.002 and below	Not available	290D, 291D, 294D
ArmorStart® LT	CVE-2025-9279	V2.002 and below	Not available	290D, 291D, 294D
ArmorStart® LT	CVE-2025-9280	V2.002 and below	Not available	290D, 291D, 294D
ArmorStart® LT	CVE-2025-9281	V2.002 and below	Not available	290D, 291D, 294D
ArmorStart® LT	CVE-2025-9282	V2.002 and below	Not available	290D, 291D, 294D
ArmorStart® LT	CVE-2025-9283	V2.002 and below	Not available	290D, 291D, 294D

Security Issue Details

Category	Details
CVE ID	CVE-2025-9464
Impact	A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. This vulnerability is triggered during fuzzing of multiple CIP classes, which causes the CIP port to become unresponsive.
CVSS 3.1 Base Score	7.5/10
CVSS 4.0 Base Score	8.7/10
CWEs	CWE-400: Uncontrolled Resource Consumption
Known Exploited Vulnerability	No (Not listed in KEV database)

Category	Details
CVE ID	CVE-2025-9465
Impact	A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
CVSS 3.1 Base Score	7.5/10
CVSS 4.0 Base Score	8.7/10
CWEs	CWE-400: Uncontrolled Resource Consumption
Known Exploited Vulnerability	No (Not listed in KEV database)

Category	Details
CVE ID	CVE-2025-9466
Impact	A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP and CIP grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
CVSS 3.1 Base Score	7.5/10
CVSS 4.0 Base Score	8.7/10
CWEs	CWE-400: Uncontrolled Resource Consumption
Known Exploited Vulnerability	No (Not listed in KEV database)

Category	Details
CVE ID	CVE-2025-9278
Impact	A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. After running a Burp Suite active scan, the device loses ICMP connectivity, causing the web application to become inaccessible.
CVSS 3.1 Base Score	7.5/10
CVSS 4.0 Base Score	8.7/10
CWEs	CWE-400: Uncontrolled Resource Consumption
Known Exploited Vulnerability	No (Not listed in KEV database)

Category	Details
CVE ID	CVE-2025-9279
Impact	A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limit Storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
CVSS 3.1 Base Score	7.5/10
CVSS 4.0 Base Score	8.7/10
CWEs	CWE-400: Uncontrolled Resource Consumption
Known Exploited Vulnerability	No (Not listed in KEV database)

Category	Details
CVE ID	CVE-2025-9280
Impact	A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. Fuzzing performed using Defensics causes the device to become unresponsive, requiring a reboot.
CVSS 3.1 Base Score	7.5/10
CVSS 4.0 Base Score	8.7/10
CWEs	CWE-400: Uncontrolled Resource Consumption
Known Exploited Vulnerability	No (Not listed in KEV database)

Category	Details
CVE ID	CVE-2025-9281
Impact	A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive step limit storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
CVSS 3.1 Base Score	7.5/10
CVSS 4.0 Base Score	8.7/10
CWEs	CWE-400: Uncontrolled Resource Consumption
Known Exploited Vulnerability	No (Not listed in KEV database)

Category	Details
CVE ID	CVE-2025-9282
Impact	A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
CVSS 3.1 Base Score	7.5/10
CVSS 4.0 Base Score	8.7/10
CWEs	CWE-400: Uncontrolled Resource Consumption
Known Exploited Vulnerability	No (Not listed in KEV database)

Category	Details
CVE ID	CVE-2025-9283
Impact	A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limits Storms tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
CVSS 3.1 Base Score	7.5/10
CVSS 4.0 Base Score	8.7/10
CWEs	CWE-400: Uncontrolled Resource Consumption
Known Exploited Vulnerability	No (Not listed in KEV database)

Mitigations and Workarounds

Customers using the affected software, who are not able to upgrade to one of the corrected versions, should use our security best practices.

Revision History

Revision	Date	Description
1.0	January 20, 2026	Initial release

Get Up-to-Date Product Security Information

Visit the Rockwell Automation security advisories on the Trust Center page to:

· Subscribe to product security alerts

· Review the current list of Rockwell Automation security advisories

· Report a possible security issue in a Rockwell Automation product

· Learn more about the Rockwell Automation vulnerability policy

Support

If you have any questions regarding the security issue(s) above and how to mitigate them, contact TechConnect for help. More information can be found at Contact Us | Rockwell Automation | US.

If you have any questions regarding this disclosure, please contact PSIRT

Email: rasecure@ra.rockwell.com

Legal Disclaimer

ROCKWELL AUTOMATION DOES NOT WARRANT THE COMPLETENESS, TIMELINESS OR ACCURACY OF ANY OF THE DATA CONTAINED IN THIS WEB SITE AND MAY MAKE CHANGES THERETO AT ANY TIME IN ITS SOLE DISCRETION WITHOUT NOTICE. FURTHER, ALL INFORMATION CONVEYED HEREBY IS PROVIDED TO USERS "AS IS." IN NO EVENT SHALL ROCKWELL BE LIABLE FOR ANY DAMAGES OF ANY KIND INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS PROFIT OR DAMAGE, EVEN IF ROCKWELL AUTOMATION HAVE BEEN ADVISED ON THE POSSIBILITY OF SUCH DAMAGES. ROCKWELL AUTOMATION DISCLAIMS ALL WARRANTIES WHETHER EXPRESSED OR IMPLIED IN RESPECT OF THE INFORMATION (INCLUDING SOFTWARE) PROVIDED HEREBY, INCLUDING THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, AND NON-INFRINGEMENT. Note that certain jurisdictions do not countenance the exclusion of implied warranties; thus, this disclaimer may not apply to you.