CVE-2025-9282

A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1768.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:rockwellautomation:armorstart_lt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:armorstart_lt:-:*:*:*:*:*:*:*

History

02 Feb 2026, 18:08

Type	Values Removed	Values Added
First Time		Rockwellautomation armorstart Lt Rockwellautomation armorstart Lt Firmware Rockwellautomation
References	~~() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1768.html -~~	() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1768.html - Vendor Advisory
CPE		cpe:2.3:o:rockwellautomation:armorstart_lt_firmware:::::::: cpe:2.3:h:rockwellautomation:armorstart_lt:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

20 Jan 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-20 14:16

Updated : 2026-02-02 18:08

NVD link : CVE-2025-9282

Mitre link : CVE-2025-9282

CVE.ORG link : CVE-2025-9282

JSON object : View

Products Affected

rockwellautomation

armorstart_lt
armorstart_lt_firmware

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2025-9282", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-20T14:16:12.593", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1768.html", "tags": ["Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A security issue exists within ArmorStart\u00ae LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds."}], "lastModified": "2026-02-02T18:08:54.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:armorstart_lt_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "564CE3DE-2D80-4511-B970-C644C7217F20", "versionEndIncluding": "2.002"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:armorstart_lt:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E8AB2017-CB37-4A93-90FD-7FE82640FB77"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}