OTPulse
FeedAboutContact

Rockwell Automation Studio 5000 Logix Designer

Plan Patch7.5ICS-CERT ICSA-25-226-29Aug 14, 2025
Attack VectorLocal
Auth RequiredLow
ComplexityHigh
User InteractionRequired
Summary

Studio 5000 Logix Designer versions 36.00.02 through 37.00.01 contain an input validation defect (CWE-20) that could allow an attacker with local access to execute malicious code or crash the engineering workstation. Exploitation requires the user to interact with a malicious file or project and has high attack complexity. No public exploitation has been reported.

What this means
What could happen
An attacker with local access to a system running vulnerable Studio 5000 Logix Designer could execute malicious code or crash the engineering workstation, disrupting control system development and potentially allowing them to modify PLC programs before deployment.
Who's at risk
Engineering and control system integrators using Studio 5000 Logix Designer on development workstations for PLC and automation device programming. This affects anyone who develops, tests, or maintains Rockwell Automation industrial control programs.
How it could be exploited
An attacker must have local access to a workstation running Studio 5000 Logix Designer, trick a user into opening a malicious file or interacting with a prepared project (requires user interaction), and then execute code with the permissions of the logged-in engineer. The high attack complexity suggests the attack requires specific conditions or social engineering.
Prerequisites
  • Local access to the engineering workstation
  • Studio 5000 Logix Designer version 36.00.02 through 37.00.01 installed
  • User interaction required (opening a malicious file or project)
Local access required (not remotely exploitable)User interaction required (high attack complexity)Affects engineering/development workstationsCould allow code execution on development systems
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
Studio 5000 Logix Designer: >=36.00.02|<37.00.02≥ 36.00.02|<37.00.0237.00.02 or later
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDEducate engineering staff not to open or load project files from untrusted sources without verification
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Studio 5000 Logix Designer to version 37.00.02 or later
Long-term hardening
0/1
HARDENINGRestrict physical and network access to engineering workstations running Studio 5000 to authorized personnel only
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/d14b3158-7bf9-4a53-94c5-181db9cb9685
Rockwell Automation Studio 5000 Logix Designer | CVSS 7.5 - OTPulse