Rockwell ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities

Monitor7.5SD1768Jan 20, 2026

Summary

ArmorStart LT soft starters contain multiple denial-of-service vulnerabilities in all versions. Specially crafted network packets can cause the device to reset or become unresponsive, disrupting motor control operations. No vendor fix is currently available; Rockwell Automation has not committed to releasing remediation.

What this means

What could happen

Denial-of-service attacks could force ArmorStart LT soft starters to reset or become unresponsive, causing motor control failures and potential process shutdowns in applications like pump stations, compressors, or conveyor systems.

Who's at risk

Motor control operators and plant engineers managing Rockwell ArmorStart LT soft starters in water treatment, wastewater, electrical utilities, oil and gas, and manufacturing facilities. ArmorStart LT devices control large motors for pumps, compressors, fans, and conveyors where unexpected resets cause operational disruptions.

How it could be exploited

An attacker with network access to the ArmorStart LT device could send specially crafted packets to trigger a denial-of-service condition, causing the device to stop responding or reset and interrupt motor control operations.

Prerequisites

Network access to ArmorStart LT device (likely port 502 Modbus TCP or proprietary management port)
No authentication credentials required

remotely exploitableno authentication requiredno patch availableaffects critical motor control

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

ArmorStart LTAll versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDDeploy network-level monitoring and rate-limiting rules on switches or firewalls connected to ArmorStart LT devices to detect and block unusual traffic patterns that could trigger denial-of-service conditions.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor Rockwell Automation security advisories for future firmware updates or patches; establish a regular firmware update schedule if vendor releases remediation.

Mitigations - no patch available

0/1

ArmorStart LT has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGImplement network segmentation to isolate ArmorStart LT devices from untrusted networks. Use firewalls or industrial switches to restrict access to engineering workstations and SCADA systems only.

CVEs (9)

CVE-2025-9464 CVE-2025-9465 CVE-2025-9466 CVE-2025-9278 CVE-2025-9279 CVE-2025-9280 CVE-2025-9281 CVE-2025-9282 CVE-2025-9283

View full Rockwell Automation advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/bbf73661-4603-4336-b712-077024b02fa7