Rockwell FactoryTalk® Action Manager v1.0.0 Runtime Vulnerability

MonitorCVSS 7.8SD1740Aug 13, 2025

Rockwell Automation

Summary

Rockwell Automation FactoryTalk Action Manager v1.0.0 contains a runtime vulnerability allowing remote code execution. The vendor has indicated no fix will be planned for this product. Attackers with network access to the Action Manager runtime service could exploit this to execute arbitrary commands, potentially affecting production automation, alarm suppression, and process control actions.

What this means

What could happen

An attacker could execute arbitrary code on systems running FactoryTalk Action Manager, potentially allowing them to modify automation sequences, suppress alarms, or disrupt production monitoring across your facilities.

Who's at risk

Organizations using Rockwell Automation FactoryTalk Action Manager in manufacturing, utilities, and process automation environments should be concerned. This software manages automated sequences and alarm handling across production systems, making it a critical point of control in industrial operations.

How it could be exploited

An attacker with network access to the FactoryTalk Action Manager runtime could send a specially crafted request to trigger arbitrary code execution. This could be leveraged to manipulate action sequences or commands sent to downstream control systems.

Prerequisites

Network access to the FactoryTalk Action Manager runtime service port
FactoryTalk Action Manager v1.0.0 or later installed and running

remotely exploitableno patch availableaffects automation control sequences

Exploitability

Unlikely to be exploited — EPSS score 0.7%

Affected products (1)

ProductAffected VersionsFix Status

FactoryTalk Action ManagerAll versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGImplement network segmentation and firewall rules to restrict access to FactoryTalk Action Manager runtime to only authorized engineering workstations and control systems

HARDENINGMonitor network traffic to and from FactoryTalk Action Manager for suspicious connections or anomalous request patterns

Mitigations - no patch available

0/1

FactoryTalk Action Manager has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGEvaluate alternative automation and action management solutions that receive active security updates, or implement compensating controls if replacement is not feasible

CVEs (1)

CVE-2025-7532

View full Rockwell Automation advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0ffa756b-f880-4123-a6a2-22ec9a69b772

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.