Rockwell Automation ArmorStart AOP

MonitorCVSS 7.5ICS-CERT ICSA-25-289-04Oct 14, 2025

Rockwell Automation

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial-of-service vulnerability in Rockwell Automation ArmorStart AOP (all versions up to V2.05.07) allows an attacker with network access to crash or disable the application. The vulnerability is caused by improper error handling (CWE-248). Rockwell Automation has not released a fix and recommends implementing network segmentation and access controls as mitigations.

What this means

What could happen

An attacker can remotely disable or crash the ArmorStart AOP application, preventing operators from monitoring and controlling plant assets until the service is manually restarted.

Who's at risk

Manufacturing facilities, utilities, and process plants using Rockwell Automation ArmorStart AOP for monitoring and control system integration. This includes automotive suppliers, food and beverage processing, chemical plants, oil and gas operations, and utilities that depend on ArmorStart for real-time process visibility and command execution.

How it could be exploited

An attacker with network access to the ArmorStart AOP service sends a specially crafted request that triggers the vulnerability, causing the application to crash or become unresponsive. No authentication is required.

Prerequisites

Network access to the ArmorStart AOP service port
No credentials required

remotely exploitableno authentication requiredlow complexityno patch availableactively monitoring recommended by vendor

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

ArmorStart AOP Denial-of-ServiceAll versionsNo fix (EOL)

ArmorStart AOP: <=V2.05.07≤ V2.05.07No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict network access to the ArmorStart AOP service to only authorized engineering workstations and control system networks using firewall rules or access control lists.

HARDENINGEnsure the ArmorStart AOP service is not accessible from the internet or untrusted networks.

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGIsolate the ArmorStart AOP application and its host from the business network using a firewall.

HARDENINGMonitor ArmorStart AOP service logs for unexpected crashes or restarts and establish alerting for service unavailability.

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: ArmorStart AOP Denial-of-Service, ArmorStart AOP: <=V2.05.07. Apply the following compensating controls:

HARDENINGImplement network monitoring to detect unusual traffic patterns or repeated connection attempts to the ArmorStart AOP service.

CVEs (1)

CVE-2025-9437

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/199a2a80-7662-4842-aaec-0d98ea1aafc2

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.