OTPulse

Rockwell ArmorStart® AOP Denial-of-Service Vulnerability

Monitor | 7.5 | SD1751 | Oct 14, 2025
Summary

Rockwell Automation's ArmorStart AOP application is vulnerable to a denial-of-service condition in all versions. An attacker can send a specially crafted request that causes the AOP service to crash or become unresponsive, denying operators access to the interface used to monitor and control plant equipment. No patch is currently available from the vendor.

What this means
What could happen
An attacker can crash or freeze the ArmorStart AOP application, disrupting access to operator interface displays and potentially halting the ability to monitor or control critical industrial processes.
Who's at risk
Water utilities, electrical utilities, manufacturing plants, and other facilities using Rockwell Automation's ArmorStart AOP (Advanced Operator Panel) software for real-time process monitoring and control should be concerned. This affects any operator interface or HMI (Human-Machine Interface) systems that rely on ArmorStart AOP for visibility and control of pumps, generators, compressors, and other critical equipment.
How it could be exploited
An attacker with network access to the ArmorStart AOP host can send a specially crafted message or request to the AOP service, causing it to fail or become unresponsive. This denies legitimate operators access to the interface used to control and monitor equipment on the plant floor.
Prerequisites
  • Network access to the ArmorStart AOP host
  • Knowledge of the AOP service port or protocol
remotely exploitable | no patch available | affects operator visibility and control
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
ArmorStart AOP Denial-of-Service | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement firewall rules to restrict network access to ArmorStart AOP hosts to only authorized engineering and operations workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

WORKAROUND: Establish automated restart or watchdog monitoring of the ArmorStart AOP service to restore availability if a denial-of-service occurs
Mitigations - no patch available
ArmorStart AOP Denial-of-Service has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate ArmorStart AOP systems on a protected network segment separate from general IT infrastructure and the internet
HARDENING: Deploy network monitoring to detect unusual or excessive connection attempts to ArmorStart AOP ports
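
One way to implement the network-monitoring control above together with the workstation allowlist from the firewall workaround, as an added example that is not part of the advisory or any vendor tooling. The host address, port 50000, allowlist, log format and thresholds are all constructed placeholders; the advisory does not name the AOP service port.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Every value here is an assumption for illustration, not taken from the advisory.
AOP_HOST = "192.0.2.10"                 # placeholder AOP host (documentation range)
AOP_PORT = 50000                        # placeholder, NOT the real AOP service port
ALLOWED = {"192.0.2.21", "192.0.2.22"}  # authorized engineering/operations workstations
WINDOW = timedelta(seconds=10)          # sliding window for the rate check
MAX_CONNS = 5                           # connections allowed per source per window

# Constructed sample flow log, one record per line: "<ISO time> <src> <dst> <dport>"
SAMPLE_LOG = """\
2025-10-14T08:00:00 192.0.2.21 192.0.2.10 50000
2025-10-14T08:00:05 198.51.100.7 192.0.2.10 50000
2025-10-14T08:00:06 192.0.2.21 192.0.2.10 443
truncated-record
2025-10-14T08:01:00 192.0.2.22 192.0.2.10 50000
2025-10-14T08:01:01 192.0.2.22 192.0.2.10 50000
2025-10-14T08:01:02 192.0.2.22 192.0.2.10 50000
2025-10-14T08:01:03 192.0.2.22 192.0.2.10 50000
2025-10-14T08:01:04 192.0.2.22 192.0.2.10 50000
2025-10-14T08:01:05 192.0.2.22 192.0.2.10 50000
"""

def detect(log_text):
    """Return (kind, source, timestamp) alerts, one per kind per source."""
    recent = defaultdict(deque)   # source -> timestamps still inside WINDOW
    alerts, reported = [], set()
    for line in log_text.splitlines():
        try:
            ts_s, src, dst, dport = line.split()
            ts = datetime.fromisoformat(ts_s)
        except ValueError:
            continue              # skip malformed or truncated records
        if dst != AOP_HOST or dport != str(AOP_PORT):
            continue              # not traffic to the AOP service
        # A source outside the allowlist means the firewall rule is missing or bypassed.
        if src not in ALLOWED and ("unauth", src) not in reported:
            reported.add(("unauth", src))
            alerts.append(("unauthorized_source", src, ts_s))
        q = recent[src]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        # Rate check applies to allowlisted hosts too: a trusted workstation can misbehave.
        if len(q) > MAX_CONNS and ("burst", src) not in reported:
            reported.add(("burst", src))
            alerts.append(("excessive_connections", src, ts_s))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```
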