Rockwell Automation Stratix IOS

Plan Patch | CVSS 9.6 | ICS-CERT ICSA-25-252-03 | Sep 9, 2025
Rockwell Automation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Stratix IOS contains a vulnerability that allows an attacker to inject and execute malicious configurations without authentication. The vulnerability affects Stratix IOS versions 15.28E5 and earlier and can be exploited remotely via the web interface. A variant affecting all Stratix IOS versions using cross-site request forgery (CSRF) has no planned fix. Successful exploitation allows complete configuration override, which could disrupt network connectivity or enable unauthorized access to industrial devices.

What this means
What could happen
An attacker could upload and run malicious configurations on your Stratix switch without providing any credentials, potentially disrupting network connectivity across your industrial processes or allowing unauthorized control system access.
Who's at risk
This affects organizations running Rockwell Automation Stratix IOS industrial managed switches used for network connectivity in manufacturing plants, utilities, and process control environments. Particular concern for any site using Stratix switches to connect PLCs, remote I/O, HMIs, or safety systems to the control network.
How it could be exploited
An attacker on the network (or one tricking a user into visiting a malicious website) could submit a crafted HTTP request to the Stratix IOS web interface that bypasses authentication checks and injects malicious configuration commands. The vulnerability does not require user interaction on the Stratix device itself, only that a user visits an attacker-controlled page, making it a cross-site request forgery (CSRF) attack vector.
Prerequisites
  • Network access to the Stratix IOS web interface (HTTP/HTTPS port)
  • In some cases, a user with access to the web interface must be tricked into visiting an attacker-controlled website while logged in to the Stratix
  • Remotely exploitable
  • No authentication required
  • Low complexity attack (CSRF)
  • CVSS 9.6 critical severity
  • Affects network infrastructure critical to process continuity
  • CSRF variant has no fix planned
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (2)
1 with fix, 1 EOL
Product | Affected Versions | Fix Status
Stratix IOS: <=15.28E5 | ≤ 15.28E5 | 15.2(8)E6
Stratix IOS CSRF | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Stratix IOS web interface (HTTP/HTTPS ports) to authorized engineering workstations and management networks only, using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Stratix IOS to version 15.2(8)E6 or later
Mitigations - no patch available
Stratix IOS CSRF has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Disable the Stratix IOS web interface if remote management is not required, or use out-of-band management (console/serial) for configuration instead
HARDENING: Isolate Stratix IOS switches from your business network and internet; place them on a dedicated industrial network segment behind a firewall
API: /api/v1/advisories/e2912bc5-1f30-4f03-8072-a66d3ce61587