Path Traversal in Rockwell Automation Studio 5000® Simulation Interface™
CVE-2025-11696
A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.002 (4.8th percentile) — read the EPSS interpretation.
Affected products
- Rockwell Automation Studio 5000® Simulation Interface™ — versions 2.02 and prior