Rockwell Stratix® Impact to Cisco CVE-2025-20352
Act Now · 7.7 · SD1749 · Sep 26, 2025
Summary
Rockwell Stratix Impact managed industrial routers are affected by a remote code execution vulnerability inherited from their Cisco OS foundation (CVE-2025-20352). The vulnerability allows unauthenticated network attackers to gain unauthorized access or execute arbitrary commands on the router. No patch is currently available from Rockwell Automation. The vulnerability is being actively exploited in the wild.
What this means
What could happen
An attacker with network access to a Stratix Impact router can exploit a vulnerability in its Cisco-based operating system to gain unauthorized remote access or execute commands on the device, potentially disrupting network connectivity to industrial equipment such as PLCs, drives, and safety systems.
Who's at risk
Water authorities and electric utilities operating Rockwell Stratix Impact managed industrial routers in their control networks. These devices are critical for connecting PLCs, variable frequency drives, safety controllers, and SCADA systems. Any compromise could disrupt communications between field devices and control centers.
How it could be exploited
An attacker sends a specially crafted packet or request to the Stratix Impact device over the network (likely targeting a management or service port). The vulnerability in the underlying Cisco OS allows the attacker to bypass authentication or execute code without proper validation, gaining remote access to the router configuration and potentially enabling lateral movement into your control network.
Prerequisites
- Network access to the Stratix Impact device (typically on port 22, 80, 443, or 502 depending on configured services)
- No valid credentials required (unauthenticated access is possible)
Remotely exploitable · No authentication required · Actively exploited in the wild (KEV) · No patch available · Network routing device (affects all downstream equipment)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
Stratix Impact to | All versions | No fix yet
Remediation & Mitigation
Do now
- WORKAROUND: Isolate or air-gap Stratix Impact devices from untrusted networks; restrict network access using firewall rules to only necessary subnets and ports
- HARDENING: Disable unnecessary services and management ports (Telnet, HTTP, SNMP) on the Stratix Impact device if not required for operations
- HARDENING: Monitor network traffic to and from Stratix Impact devices for anomalous access patterns and unexpected connections
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Contact Rockwell Automation to determine if a firmware update addressing CVE-2025-20352 is available or planned
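One way to check the "restrict to necessary subnets" and "monitor for unexpected connections" items against flow data, as an added example that is not part of the advisory or any Rockwell or Cisco tooling. The device addresses, the allowed subnet and the CSV flow format are assumptions; the watched ports are the ones listed under Prerequisites plus the standard Telnet and SNMP ports.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the advisory): device addresses, allowed subnet, log format.
STRATIX_DEVICES = {ipaddress.ip_address("10.20.0.1"), ipaddress.ip_address("10.20.0.2")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.5.0/28")]  # engineering workstations
# Ports listed in the advisory's prerequisites, plus the standard ports of the
# services it says to disable (Telnet 23/tcp, SNMP 161/udp).
WATCHED_PORTS = {("tcp", 22), ("tcp", 23), ("tcp", 80), ("tcp", 443), ("tcp", 502), ("udp", 161)}

# Constructed sample flow records: timestamp,proto,src_ip,dst_ip,dst_port
SAMPLE_FLOWS = """\
2025-09-26T08:00:01Z,tcp,10.20.5.4,10.20.0.1,22
2025-09-26T08:00:07Z,udp,10.20.9.77,10.20.0.1,161
2025-09-26T08:00:09Z,tcp,192.0.2.50,10.20.0.2,443
2025-09-26T08:00:12Z,tcp,10.20.9.77,10.20.0.1,23
2025-09-26T08:00:15Z,tcp,10.20.5.9,10.30.0.8,502
2025-09-26T08:00:20Z,udp,10.20.9.77,10.20.0.1,161
garbled line without fields
"""

def parse_flow(line):
    """Return (ts, proto, src, dst, port), or None for a malformed record."""
    parts = line.strip().split(",")
    if len(parts) != 5:
        return None
    ts, proto, src, dst, port = parts
    try:
        return ts, proto.lower(), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
    except ValueError:
        return None

def find_violations(log_text):
    """Flows to a watched port on a Stratix device from a source outside the allowlist."""
    hits, skipped = [], 0
    for line in filter(None, log_text.splitlines()):
        flow = parse_flow(line)
        if flow is None:
            skipped += 1  # count unparseable records instead of silently dropping them
            continue
        ts, proto, src, dst, port = flow
        if dst in STRATIX_DEVICES and (proto, port) in WATCHED_PORTS \
                and not any(src in net for net in ALLOWED_SOURCES):
            hits.append((ts, str(src), str(dst), proto, port))
    return hits, skipped

def summarize(hits):
    """Count violations per (source, protocol, port) so repeat sources stand out."""
    return Counter((src, proto, port) for _, src, _, proto, port in hits)
```

Any hit means either the firewall rule set is wider than the allowlist or a service that should be disabled is still reachable; a non-zero skipped count means the log export itself needs checking.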
CVEs (1)