Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Rockwell Automation

Rockwell Automation Vendor Cyber Rating & Cyber Score

rockwellautomation.com

At Rockwell Automation, we connect the imaginations of people with the potential of technology to expand what is humanly possible, making the world more intelligent, more connected and more productive. Throughout the world, our flagship Allen-Bradley® and Rockwell Software® product brands are recognized for innovation and excellence.


Rockwell Automation A.I CyberSecurity Scoring

Rockwell Automation
Company Information
Website:http://www.rockwellautomation.com/
Employees number:21,731
Number of followers:1,167,301
NAICS:33325
Industry Type:Automation Machinery Manufacturing
Homepage:rockwellautomation.com
Rockwell Automation Risk Score (AI oriented)
Between 750 and 799
logo
Rockwell AutomationAutomation Machinery Manufacturing
Updated:
13/04/2026
775/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Rockwell Automation Global Score (TPRM)
xxxx
logo
Rockwell AutomationAutomation Machinery Manufacturing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Rockwell Automation
Rockwell AutomationFair
Current Score
775Baa (FAIR)
01000
5 incidents
-8 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
778Before Incident
JUNE 2026
777Before Incident
MAY 2026
776Before Incident
APRIL 2026
779Before Incident
Vulnerability
07 Apr 2026Rockwell Automation
Rockwell Automation: U.S. Cybersecurity Agencies Warn of Rising Threats From Exposed Rockwell Automation PLCs

Thousands of Rockwell PLCs Exposed Online, Drawing Warnings from U.S. Agencies

775After Incident
CRITICAL-4
ROC1776083482
Thousands of Rockwell PLCs Exposed Online, Drawing Warnings from U.S. Agencies Researchers at Censys have identified 5,219 Rockwell Automation programmable logic controllers (PLCs) accessible via the internet, with a significant concentration in the United States, heightening risks to critical infrastructure. The exposure of these operational technology (OT) devices has raised concerns about exploitation by advanced persistent threat (APT) groups, particularly those linked to Iran. On April 7, 2026, the FBI, CISA, and NSA issued a joint advisory warning of active targeting by Iran-backed threat actors. The agencies emphasized the urgency of securing these systems, noting that such groups have historically sought to disrupt, gather intelligence, or demonstrate offensive capabilities against vulnerable OT environments. The advisory recommends immediate disconnection of internet-facing PLCs where possible, alongside network segmentation, multi-factor authentication, and timely patching for cases where disconnection isn’t feasible. Additional measures include intrusion detection systems, behavioral analytics, and enhanced monitoring to detect unauthorized activity. Exposed devices span energy, manufacturing, and water systems, sectors where a successful compromise could have severe economic and public safety consequences. The agencies stressed that operators must act swiftly to reduce the attack surface, as threat actors continue to scan for and exploit unsecured industrial systems at scale.
INCIDENT DETAILS -
TYPE
Exposure of Critical Infrastructure
MOTIVATION
DisruptionIntelligence gatheringDemonstration of offensive capabilities
IMPACT
Systems Affected: 5,219 Rockwell Automation PLCsOperational Impact: Potential severe economic and public safety consequences
MARCH 2026
794Before Incident
Cyber Attack
01 Mar 2026Rockwell Automation
Stryker and Rockwell Automation: Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn

U.S. Government Warns of Iranian Cyberattacks Targeting Critical Infrastructure

778After Incident
CRITICAL-16
STRROC1775594506
U.S. Government Warns of Iranian Cyberattacks Targeting Critical Infrastructure U.S. intelligence and cybersecurity agencies issued an urgent joint alert on Tuesday, warning that Iranian government-linked hackers are conducting disruptive cyberattacks against American energy and water infrastructure. The attacks, which have intensified since the onset of U.S.-Israel military strikes against Iran, specifically target operational technology (OT) systems, including programmable logic controllers (PLCs) from Rockwell Automation/Allen-Bradley. The alert issued by the FBI, NSA, CISA, EPA, Energy Department, and Cyber Command details how Iran-affiliated advanced persistent threat (APT) actors have exploited internet-facing OT devices, leading to disruptions in critical infrastructure sectors. These attacks involve malicious interactions with project files and manipulation of human-machine interface (HMI) and supervisory control and data acquisition (SCADA) systems, resulting in operational disruptions and financial losses for victims. Since March, the agencies have identified new victims tied to an Iranian APT group, with at least 75 devices compromised in earlier campaigns. Affected sectors include government services, water and wastewater systems (WWS), and energy. Some organizations have already experienced operational downtime due to the attacks. This latest wave follows previous warnings about Iranian cyber threats, including a 2023 attack on a Pennsylvania water facility. Recent targets have also included major corporations like medtech firm Stryker and local government entities. Separately, the FBI had previously flagged Iranian hackers using Telegram to distribute malware, though that campaign predates the current conflict.
INCIDENT DETAILS -
TYPE
Cyberattack
MOTIVATION
Disruptive cyberattacks in response to U.S.-Israel military strikes against Iran
IMPACT
Financial Loss: YesSystems Affected: Operational technology (OT) systems, PLCs, HMI, SCADA systemsDowntime: YesOperational Impact: Operational disruptions in critical infrastructure sectorsRevenue Loss: Yes
FEBRUARY 2026
794Before Incident
JANUARY 2026
797Before Incident
Vulnerability
13 Jan 2026Rockwell Automation
Güralp Systems, Rockwell Automation and YoSmart: CISA issues multiple ICS advisories, details DoS vulnerability risk in Rockwell devices used in critical manufacturing

CISA Publishes Advisories on Vulnerabilities in Rockwell Automation and YoSmart Products

793After Incident
CRITICAL-4
GURROCYOS1768400893
CISA Issues Critical ICS Advisories for Rockwell Automation and YoSmart Vulnerabilities The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released three new advisories and updated an existing one on Tuesday, highlighting significant vulnerabilities in industrial control systems (ICS) from Rockwell Automation and YoSmart. The advisories address risks in critical manufacturing and global communications sectors, with potential impacts ranging from denial-of-service (DoS) conditions to unauthorized device control. ### Rockwell Automation Vulnerabilities 1. CVE-2025-9368 (CVSS 7.5) - Affects Rockwell Automation 432ES-IG3 Series A devices, specifically the GuardLink EtherNet/IP Interface. - The flaw stems from uncontrolled resource allocation, allowing attackers to trigger a DoS condition requiring a manual power cycle to restore functionality. - Mitigation: Users should upgrade to V2.001.9 or later; those unable to update should follow Rockwell’s security best practices. 2. CVE-2025-12807 (CVSS 8.8) - Impacts FactoryTalk DataMosaix Private Cloud (versions 7.11, 8.00, and 8.01). - The vulnerability involves SQL injection, enabling low-privilege users to execute unauthorized database operations via exposed API endpoints. - Mitigation: Update to Version 8.01.02 or later. ### YoSmart YoLink Smart Hub Vulnerabilities Multiple flaws were identified in the YoSmart YoLink ecosystem, affecting the Smart Hub, server, and mobile application (CVE-2025-59448, CVE-2025-59449, CVE-2025-59451, CVE-2025-59452), with a CVSS score of 5.8. - Exploitation Risks: - Remote device control of other users’ smart home devices. - Session hijacking and sensitive data interception due to weak authorization controls and predictable device IDs. - Cleartext transmission of data via unencrypted MQTT, exposing communications to interception or tampering. - Long-lived session tokens in the mobile app, increasing the risk of unauthorized access. - Technical Details: - The YoLink MQTT broker (through 2025-10-02) lacks sufficient authorization checks, allowing cross-account attacks if device IDs are obtained. - Device IDs are predictable, enabling attackers to gain control over any YoLink user’s devices. - API endpoints use MD5 hashing of non-secret data (e.g., MAC addresses), further weakening security. ### CISA’s Recommendations While no active exploitation has been reported, CISA advises organizations to: - Minimize network exposure for ICS devices, ensuring they are not internet-accessible. - Isolate control systems behind firewalls and separate them from business networks. - Use secure remote access methods, such as updated VPNs, when necessary. - Conduct risk assessments before deploying defensive measures. The advisories underscore ongoing risks in ICS environments, particularly in critical infrastructure sectors. Organizations are urged to apply patches and follow CISA’s Defense-in-Depth Strategies for proactive cybersecurity.
INCIDENT DETAILS -
TYPE
Denial-of-ServiceSQL InjectionUnauthorized AccessSession Hijacking
IMPACT
Sensitive database operationsPersonally identifiable informationSession tokensRockwell Automation 432ES-IG3 Series ARockwell Automation FactoryTalk DataMosaix Private CloudYoSmart YoLink Smart HubYoLink Mobile ApplicationDowntime: Manual power cycle required for recovery (Rockwell Automation 432ES-IG3 Series A)Denial-of-service conditionUnauthorized control of smart home devicesIdentity Theft Risk: High (due to PII exposure)
DATA BREACH
Database operationsSession tokensDevice identifiersSensitivity Of Data: High (PII, device control access)Data Exfiltration: Possible (via MQTT traffic interception)Data Encryption: Lacking (cleartext MQTT transmission)Personally Identifiable Information: Yes
DECEMBER 2025
796Before Incident
NOVEMBER 2025
796Before Incident
OCTOBER 2025
795Before Incident
SEPTEMBER 2025
795Before Incident
AUGUST 2025
795Before Incident
JUNE 2025
798Before Incident
Vulnerability
16 Jun 2025Rockwell Automation
Rockwell Automation

Critical Remote Code Execution Vulnerability in Rockwell Automation ControlLogix Ethernet Modules (CVE-2025-7353)

794After Incident
CRITICAL-4
ROC405081825
A critical security vulnerability (CVE-2025-7353, CVSS 9.8) was discovered in Rockwell Automation’s ControlLogix Ethernet communication modules, exposing industrial control systems (ICS) to remote code execution (RCE) attacks. The flaw stems from an insecure default configuration in the web-based debugger (WDB) agent, left enabled in production environments. Unauthenticated attackers exploiting this vulnerability can dump memory, modify system operations, and manipulate industrial processes, posing severe risks to manufacturing, energy, or critical infrastructure.The affected modules (e.g., 1756-EN2T/D, 1756-EN3TR/B) serve as core interfaces between programmable automation controllers (PACs) and Ethernet networks. Successful exploitation could lead to operational disruptions, unauthorized access to sensitive data, or physical damage—such as halting factory production, tampering with safety systems, or causing cascading failures in industrial environments. While Rockwell released a patch (firmware 12.001), delayed updates increase exposure, particularly in sectors like energy, water treatment, or nuclear plants, where such attacks could escalate to life-threatening scenarios or regional economic threats if critical services are compromised.
INCIDENT DETAILS -
TYPE
VulnerabilityRemote Code Execution (RCE)Insecure Default Configuration
IMPACT
Operational dataSensitive industrial process information1756-EN2T/D≤11.0041756-EN2F/C≤11.0041756-EN2TR/C≤11.0041756-EN3TR/B≤11.0041756-EN2TP/A≤11.004Potential manipulation of industrial processesDisruption of manufacturing operationsUnauthorized access to control systems
DATA BREACH
Operational dataIndustrial process informationSystem memorySensitivity Of Data: High (industrial control system data)Data Exfiltration: Possible (memory dumps, system control)
APRIL 2025
792Before Incident
Vulnerability
01 Apr 2025Rockwell Automation
Rockwell Automation

Rockwell Automation Verve Asset Manager Vulnerability (CVE-2025-1449)

798After Incident
CRITICAL-6
ROC602040125
Rockwell Automation encountered a high-severity security vulnerability (CVE-2025-1449) in its Verve Asset Manager, affecting all versions up to 1.39. The flaw, due to inadequate input sanitization, could let attackers with administrative privileges execute arbitrary commands. With a CVSS base score of 9.1, the vulnerability poses a critical risk, potentially enabling the disruption of industrial processes, unauthorized access to sensitive data, or long-term presence within the network. Rockwell has released a patch in version 1.40 and recommends immediate upgrading to mitigate the issue.
INCIDENT DETAILS -
TYPE
Vulnerability Exploit
MOTIVATION
Disruption of Industrial ProcessesUnauthorized Access to Sensitive DataLong-term Presence Within the Network
IMPACT
Systems Affected: Verve Asset ManagerOperational Impact: Potential Disruption of Industrial Processes

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Rockwell Automation ?
?
What was Rockwell Automation's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Rockwell Automation's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Rockwell Automation's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Rockwell Automation's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Rockwell Automation's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Rockwell Automation's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Rockwell Automation's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Rockwell Automation's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Rockwell Automation's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Rockwell Automation's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Rockwell Automation's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Rockwell Automation's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Rockwell Automation ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Rockwell Automation's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?