Path Traversal in Rockwell Automation Studio 5000® Simulation Interface™

CVE-2025-11696

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.002 (4.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References