Rockwell Studio 5000 Logix Designer® – Arbitrary Code Execution Vulnerability
Monitor7.5SD1734Aug 14, 2025
Summary
Studio 5000 Logix Designer is vulnerable to arbitrary code execution when opening a malicious project file. An attacker can craft a project file that executes code with the privilege of the engineering workstation when opened in Logix Designer. No fix is currently available from Rockwell Automation. All versions of Studio 5000 Logix Designer are affected.
What this means
What could happen
An attacker with access to a Logix Designer project file could execute arbitrary code on the engineering workstation when the file is opened, potentially compromising all PLCs and control logic that the workstation manages.
Who's at risk
Industrial facilities using Rockwell Automation PLCs and control logic rely on Logix Designer for programming and maintenance. This vulnerability affects all engineering teams and system integrators who develop or modify PLC logic using Studio 5000. Any facility where multiple control systems are managed from shared engineering workstations faces elevated risk of wide-spread compromise.
How it could be exploited
An attacker crafts a malicious Logix Designer project file and distributes it via email, file share, or supply chain channel. When an engineer opens the file in Studio 5000 Logix Designer to review or modify it, the malicious code runs with the privilege of the engineering workstation. From there, the attacker gains control of the workstation and can modify PLC programs, steal credentials, or pivot to other control systems on the network.
Prerequisites
- Access to deliver a malicious Logix Designer project file to an engineer
- The engineer must open the file in Studio 5000 Logix Designer
- No special credentials or prior system access required
No authentication requiredLow complexity attackNo patch availableEngineering workstation is a trusted point in the supply chainAffects all versions of the product
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
Studio 5000 Logix DesignerAll versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2HARDENINGImplement file validation and signing controls: require all Logix Designer project files to be digitally signed by trusted sources before engineers open them
HARDENINGRestrict file transfers to engineering workstations to only trusted internal sources; disable email attachments or require scanning and quarantine of *.apa/*.acd files
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
WORKAROUNDMonitor Rockwell Automation vendor communications and security bulletins for a vendor patch; contact Rockwell support to request timeline for a fix
Mitigations - no patch available
0/2Studio 5000 Logix Designer has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGIsolate engineering workstations on a separate network segment with strict egress controls to limit lateral movement if a workstation is compromised
HARDENINGImplement application whitelisting on engineering workstations to restrict execution to approved applications and scripts
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/7f83639b-64c5-443f-8886-813bc8335bc6