Rockwell Automation Lifecycle Services with Cisco
Act Now | 7.7 | ICS-CERT ICSA-25-282-02 | Oct 9, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Vulnerability in Rockwell Automation Industrial Data Center (IDC) with Cisco switching infrastructure and managed support contracts allows remote code execution. A user with valid credentials and network access can exploit a memory corruption issue (CWE-121) to execute arbitrary code on the device. This affects all generations of IDC with Cisco switches, as well as network-managed and firewall-managed support contracts. Successful exploitation could allow an attacker to compromise control system communications, alter network behavior, or disrupt manufacturing operations.
What this means
What could happen
An attacker with network access and valid credentials could execute arbitrary code on Industrial Data Center infrastructure or Cisco network devices, potentially disrupting manufacturing operations, control system communications, or data integrity.
Who's at risk
Manufacturing facilities using Rockwell Automation Industrial Data Center infrastructure with Cisco switching or managed support contracts should be concerned. This affects all generations of IDC with Cisco switches, IDC-managed support, network-managed support with Cisco switches, and firewall-managed support with Cisco firewalls. Any facility relying on these devices for network control, device communication, or infrastructure management is at risk.
How it could be exploited
An attacker with valid credentials and network access to the affected Rockwell Automation IDC or Cisco network equipment could exploit a memory corruption vulnerability to run arbitrary code on the device. This could allow them to modify network traffic, disable communications to PLCs or field devices, or alter system configurations that affect manufacturing processes.
Prerequisites
- Valid user credentials (low-privilege login acceptable)
- Network access to the affected Industrial Data Center or Cisco network device on the management network
- Device must be running a vulnerable generation/version
Tags: remotely exploitable, requires valid credentials, low attack complexity, actively exploited (KEV), no patch available, affects critical infrastructure
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (4)
4 EOL
- Industrial Data Center (IDC) with Cisco Switching: >=Generations_1|<=5. Affected versions: ≥ Generations 1|≤ 5. Fix status: No fix (EOL)
- IDC-Managed Support contract with Cisco Switching: >=Generations_1|<=5. Affected versions: ≥ Generations 1|≤ 5. Fix status: No fix (EOL)
- Network-Managed Support contract with Cisco network switch: vers:all/*. Affected versions: All versions. Fix status: No fix (EOL)
- Firewall-Managed Support contract with Cisco firewall: vers:all/*. Affected versions: All versions. Fix status: No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Contact Rockwell Automation if you have an active Infrastructure Managed Service contract to discuss remediation strategy and timeline
- WORKAROUND: Apply Cisco's published workarounds (refer to Cisco security advisory for specific network isolation and configuration hardening steps)
- HARDENING: Restrict network access to the Industrial Data Center and Cisco network devices to authorized administrative staff only; do not expose management interfaces to the business network or internet
- HARDENING: Implement firewall rules to block unauthorized access to management ports and protocols on affected devices
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
Industrial Data Center (IDC) with Cisco Switching: >=Generations_1|<=5
- HARDENING: If remote access to the IDC or network devices is required, use VPN and enforce multi-factor authentication for administrative logins
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Industrial Data Center (IDC) with Cisco Switching: >=Generations_1|<=5; IDC-Managed Support contract with Cisco Switching: >=Generations_1|<=5; Network-Managed Support contract with Cisco network switch: vers:all/*; Firewall-Managed Support contract with Cisco firewall: vers:all/*. Apply the following compensating controls:
- HARDENING: Segment the Industrial Data Center and network management infrastructure from the manufacturing control network and business network
CVEs (1)