Rockwell Automation Studio 5000 Logix Designer Arbitrary Code Execution Vulnerability

Vulnerability

An arbitrary code execution vulnerability has been identified in Rockwell Automation's Studio 5000 Logix Designer, versions 36.00.02 prior to 37.00.02. The vulnerability arises from improper handling of environment variables, which could allow malicious code to execute without crashing the application. If the specified path does not contain a valid file, however, Logix Designer will crash.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution within the application.

Remediation

Users are advised to update to version 37.00.02 or later. For those unable to upgrade, security best practices should be followed.

Added: Aug 14, 2025, 3:57 PM
Updated: Aug 14, 2025, 3:57 PM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 10.0
exploitability: 3.3
remediation: 7.9
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.