OTPulse

Rockwell Automation Stratix IOS

Act Now | CVSS 9.6 | ICS-CERT ICSA-25-252-03 | Sep 9, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Stratix IOS switches running versions 15.28E5 and earlier contain a vulnerability that allows an attacker to load and execute malicious device configurations without authentication. This could allow an attacker to modify network settings, disable interfaces, or alter traffic routing to disrupt operations. Rockwell Automation has released version 15.2(8)E6 to correct the issue; update to that version or later.

What this means
What could happen
An attacker could load and run malicious device configurations on Stratix IOS switches without needing credentials, potentially disrupting network connectivity and isolating critical control systems from each other or from monitoring.
Who's at risk
Water authorities and electric utilities operating Rockwell Automation Stratix IOS switches for network infrastructure. These are Layer 3 managed switches commonly used to interconnect control systems, field devices, and SCADA networks. Any facility relying on these devices for network segmentation or operational connectivity should prioritize this fix.
How it could be exploited
An attacker on the network sends a crafted configuration file to the Stratix IOS device. The device accepts and executes the malicious configuration without requiring authentication, allowing the attacker to modify network settings, disable interfaces, or alter traffic routing in ways that disrupt operations.
Prerequisites
  • Network access to the Stratix IOS device (typically port 80/443 for web interface or management port)
  • No credentials required for exploitation
  • remotely exploitable
  • no authentication required
  • low complexity
  • critical CVSS score (9.6)
  • affects network infrastructure with cascading impact on control systems
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
Stratix IOS | ≤ 15.28E5 | 15.2(8)E6
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Stratix IOS management interfaces using firewall rules (allow only from authorized IT/engineering networks)
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Stratix IOS to version 15.2(8)E6 or later
Long-term hardening
HARDENING: Isolate Stratix IOS devices from the internet and from business network segments; keep control system networks on separate VLANs or behind dedicated firewalls
HARDENING: If remote management is required, enforce access through VPN with additional authentication (e.g., multi-factor authentication)
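
One way to triage a switch inventory against the fixed release 15.2(8)E6 (an added example, not code from OTPulse or Rockwell Automation). It assumes versions are reported in the major.minor(maintenance)TRAINrebuild shape of the fixed release; the hostnames, sample inventory and function names are constructed, and any version in another shape or release train is flagged for manual review.

```python
import re

FIXED = "15.2(8)E6"  # first fixed release named in the advisory

# Assumed version shape: major.minor(maintenance)TRAIN[rebuild][letter], e.g. 15.2(8)E6
_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)\)([A-Z]+)(\d*)([a-z]?)$")


def parse(version):
    """Return (train, sortable key), or None if the string has another shape."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    major, minor, maint, train, rebuild, letter = m.groups()
    return train, (int(major), int(minor), int(maint), int(rebuild or 0), letter)


def triage(version, fixed=FIXED):
    """Classify one reported version as VULNERABLE, PATCHED or REVIEW."""
    got, want = parse(version), parse(fixed)
    # Unparseable strings and other release trains are not ordered against
    # the fixed release here (assumption): a person has to look at them.
    if got is None or got[0] != want[0]:
        return "REVIEW"
    return "PATCHED" if got[1] >= want[1] else "VULNERABLE"


def triage_inventory(rows):
    """Group (hostname, version) pairs by triage result."""
    result = {"VULNERABLE": [], "PATCHED": [], "REVIEW": []}
    for host, version in rows:
        result[triage(version)].append(host)
    return result


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE = [
    ("sw-pump-01", "15.2(8)E5"),
    ("sw-pump-02", "15.2(7)E4"),
    ("sw-scada-01", "15.2(8)E6"),
    ("sw-scada-02", "15.2(8)E7a"),
    ("sw-sub-01", "15.28E5"),      # non-parenthesised form: manual review
    ("sw-sub-02", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE).items():
        print(f"{status:<10} {', '.join(hosts) or '-'}")
```

Devices listed under REVIEW should be checked by hand rather than assumed safe.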