ICS: Schneider Electric EcoStruxure Products Vulnerability
January 29, 2025
Severity
High
Analysis Summary
CVE-2025-24482 CVSS:7
A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows DLLs to be executed with higher-level permissions.
CVE-2025-24481 CVSS:7
An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration.
CVE-2025-24480 CVSS:9.3
A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a lack of input sanitization and could allow a remote attacker to run commands or code as a highly privileged user.
CVE-2025-24479 CVSS:8.6
A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher-privileged user.
CVE-2025-0659 CVSS:7
A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possible to overwrite files outside of the intended directory. A threat actor with admin privileges could leverage this vulnerability to overwrite reports including user projects.
CVE-2025-24478 CVSS:7.1
A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests that result in a major nonrecoverable fault, causing a denial of service.
CVE-2025-0631 CVSS:8.7
A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to the use of HTTP, resulting in credentials being sent in cleartext.
Impact
- Denial of Service
- Code Execution
- Gain Access
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-24482
CVE-2025-24481
CVE-2025-24480
CVE-2025-24479
CVE-2025-0659
CVE-2025-24478
CVE-2025-0631
Affected Vendors
Affected Products
- Rockwell Automation FactoryTalk® View Site Edition - V15
- Rockwell Automation DataEdge Platform DataMosaix™ Private Cloud - 7.11
- Rockwell Automation PowerFlex 755 - 16.002.279
Remediation
Refer to Rockwell Automation Security Advisory for patch, upgrade, or suggested workaround information.