CVE 8.9 HIGH

Studio 5000 ® Simulation Interface Local Code Execution_CVE-2025-11697

November 11, 2025 invoker category_cve

8.9 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot.

AI Analysis

Local code execution vulnerability in Studio 5000 Simulation Interface via API, allowing execution of scripts with Administrator privileges

Basic Information

ID CVE-2025-11697

Source Rockwell

Published Nov 11, 2025 at 13:49

Affected Product

Vendor Rockwell Automation

Product Studio 5000 ® Simulation Interface

Version 2.02 and prior

Affected Versions Rockwell Automation Studio 5000 ® Simulation Interface 2.02 and prior

CWE Classification

CWE-200

AI Assessment

AI Score 8.9 / 10

AI Severity High

Vendor Rockwell Automation

Product Studio 5000 Simulation Interface

Version 2.02 and prior

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1760.html

{
    "lastseen": "",
    "description": "A local code execution security issue exists within Studio 5000\u00ae Simulation Interface\u2122 via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot.",
    "published": "2025-11-11T13:49:49.524Z",
    "modified": "2025-11-11T13:49:49.524Z",
    "type": "cve",
    "title": "Studio 5000 \u00ae Simulation Interface Local Code Execution",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1760.html",
    "id": "CVE-2025-11697",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation Studio 5000 \u00ae Simulation Interface 2.02 and prior",
    "sourceHref": "",
    "cvss": {
        "score": 8.9,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Studio 5000 \u00ae Simulation Interface",
    "version": "2.02 and prior",
    "vendor": "Rockwell Automation",
    "ai_description": "Local code execution vulnerability in Studio 5000 Simulation Interface via API, allowing execution of scripts with Administrator privileges",
    "ai_severity": "High",
    "ai_vendor": "Rockwell Automation",
    "ai_product": "Studio 5000 Simulation Interface",
    "ai_version": "2.02 and prior",
    "ai_score": 8.9
}

💭 Join the Security Discussion ❌ Cancel Reply