CVE-2025-9466
Published: 20 January 2026
Summary
CVE-2025-9466 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Rockwellautomation Armorstart Lt Firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 42.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-9466 is a vulnerability in ArmorStart® LT that can trigger a denial-of-service condition. The issue manifests during execution of Achilles EtherNet/IP and CIP grammar tests, causing the device to reboot unexpectedly and the Link State Monitor to go offline for several seconds. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-400 (Uncontrolled Resource Consumption).
A remote, unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation results in a temporary denial of service, as the targeted device reboots and its Link State Monitor becomes unavailable for several seconds.
Rockwell Automation's security advisory (SD1768) at https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1768.html provides details on mitigation steps for this vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3435
Vulnerability details
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP and CIP grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploitation of uncontrolled resource consumption (CWE-400) directly triggers device reboot and temporary service unavailability, matching Application or System Exploitation for Endpoint DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the flaw in ArmorStart LT causing uncontrolled resource consumption and reboots during EtherNet/IP and CIP grammar tests.
Implements denial-of-service protections to mitigate network-based resource exhaustion attacks triggering device reboots.
Enforces boundary protection to monitor and control EtherNet/IP and CIP traffic, blocking malformed packets that exploit the vulnerability.