CVE-2025-9464
Published: 20 January 2026
Summary
CVE-2025-9464 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Rockwellautomation Armorstart Lt Firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 26.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Deeper analysis
CVE-2025-9464 is a denial-of-service vulnerability affecting ArmorStart® LT, a product from Rockwell Automation. The issue arises during fuzzing of multiple CIP (Common Industrial Protocol) classes, which causes the CIP port to become unresponsive. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-400 (Uncontrolled Resource Consumption).
The vulnerability can be exploited by unauthenticated remote attackers with network access to the affected device. Exploitation requires low complexity and no user interaction, resulting in a high-impact denial-of-service condition where the CIP port fails to respond, potentially disrupting industrial control operations reliant on CIP communications.
Rockwell Automation has issued security advisory SD1768, available at https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1768.html, which provides details on mitigation and remediation for this vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3431
Vulnerability details
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. This vulnerability is triggered during fuzzing of multiple CIP classes, which causes the CIP port to become unresponsive.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct mapping to application exploitation causing endpoint DoS via CIP resource exhaustion (CWE-400).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly protects against denial-of-service events like fuzzing-induced CIP port unresponsiveness by limiting attack effects.
Mitigates uncontrolled resource consumption (CWE-400) causing CIP port failure by enforcing resource availability protections.
Validates CIP class inputs to block malformed fuzzing data that triggers resource exhaustion and DoS.