
CVE-2025-7350: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Rockwell Automation Stratix IOS

Severity: High
Tags: CVE-2025-7350, CWE-74
Published: Tue Sep 09 2025 (09/09/2025, 12:53:17 UTC)
Source: CVE Database V5
Vendor/Project: Rockwell Automation
Product: Stratix IOS

Description

A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication.

AI-Powered Analysis

Last updated: 09/09/2025, 13:02:30 UTC

Technical Analysis

CVE-2025-7350 is a high-severity vulnerability in Rockwell Automation's Stratix IOS, affecting Stratix 5410, 5700, and 8000 series devices running version 15.2(8)E5 and earlier. It is classified under CWE-74 (improper neutralization of special elements in output used by a downstream component), commonly known as an injection flaw. An unauthenticated remote attacker can upload and execute malicious configurations on affected devices, resulting in remote code execution (RCE). The flaw stems from insufficient sanitization of input or configuration data processed by the device's operating system, which allows injected commands or code to be executed. The CVSS 4.0 base score is 8.6 (high): network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but user interaction required (UI:A). The impact on confidentiality, integrity, and availability is high, as successful exploitation compromises the device entirely and can disrupt industrial network operations. No exploits are currently reported in the wild, but the nature of the flaw and its low exploitation complexity make it a critical concern for industrial control systems that rely on these devices. The same issue affects multiple Cisco devices, indicating a shared underlying flaw in the affected IOS versions or components. No patches were available at the time of publication, which increases the urgency of mitigation and monitoring.

Potential Impact

For European organizations, especially those operating in industrial automation, manufacturing, and critical infrastructure sectors, this vulnerability poses a significant risk. Stratix devices are widely used in industrial networks for managing and securing Ethernet communications. Exploitation could lead to unauthorized control over network traffic, disruption of industrial processes, and potential safety hazards. The ability to execute code remotely without authentication means attackers could deploy ransomware, sabotage operations, or exfiltrate sensitive operational data. Given the interconnected nature of industrial networks and the increasing adoption of Industry 4.0 technologies in Europe, the impact could extend beyond individual organizations to affect supply chains and critical infrastructure resilience. Additionally, the high integrity and availability impact could cause prolonged downtime and financial losses. The requirement for user interaction slightly reduces the risk but does not eliminate it, as social engineering or automated attack vectors could facilitate exploitation.

Mitigation Recommendations

1. Immediate network segmentation: Isolate Stratix devices from general IT networks and restrict access to trusted management stations only.
2. Implement strict access controls and monitoring: Use network intrusion detection systems (NIDS) and anomaly detection tailored for industrial protocols to identify suspicious configuration uploads or unusual device behavior.
3. Employ multi-factor authentication (MFA) for all management interfaces. Although the vulnerability itself does not require authentication, MFA limits other attack vectors against the same interfaces.
4. Disable or restrict remote configuration upload capabilities where possible until patches are available.
5. Maintain an up-to-date inventory and asset management to quickly identify affected devices and prioritize remediation.
6. Engage with Rockwell Automation for timely patch releases and apply updates as soon as they become available.
7. Conduct regular security awareness training focused on phishing and social engineering to mitigate the user interaction requirement.
8. Use network-level filtering to block known malicious IP addresses and restrict outbound connections from Stratix devices to only necessary endpoints.
9. Implement logging and audit trails for configuration changes to enable rapid incident response and forensic analysis.
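One way to act on items 2 and 9 above (watch for configuration loads that do not come from a trusted management station), as an added example that is not part of the original advisory: Stratix switches run Cisco IOS, which logs every running-configuration change as a %SYS-5-CONFIG_I message naming the source and user. The trusted management range and the syslog lines below are constructed for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Management stations allowed to change configuration (assumed for this example).
TRUSTED_MGMT = [ip_network("10.10.0.0/24")]

# Cisco IOS logs every configuration change as %SYS-5-CONFIG_I. The message
# names where the configuration came from (console, a vty with the peer
# address, or a file URL such as tftp://...) and, for terminal sessions, the user.
CONFIG_RE = re.compile(
    r"%SYS-5-CONFIG_I: Configured from (?P<source>\S+)"
    r"(?: by (?P<user>\S+))?"
    r"(?: on (?P<line>vty\d+) \((?P<peer>[\d.]+)\))?"
)
REMOTE_SCHEMES = ("tftp://", "ftp://", "http://", "https://", "scp://")

def is_trusted(peer: str) -> bool:
    addr = ip_address(peer)
    return any(addr in net for net in TRUSTED_MGMT)

def classify(line: str):
    """Return (level, reason) for a config-change event, or None for other lines."""
    m = CONFIG_RE.search(line)
    if not m:
        return None
    source, peer = m.group("source"), m.group("peer")
    # A configuration pulled from a network file is the pattern item 2 asks us to watch.
    if source.lower().startswith(REMOTE_SCHEMES):
        return ("alert", f"configuration loaded from remote file {source}")
    if peer and not is_trusted(peer):
        return ("alert", f"configuration changed from untrusted station {peer}")
    return ("info", f"configuration changed via {source} by {m.group('user')}")

def review_config_events(syslog_text: str):
    events = []
    for line in syslog_text.splitlines():
        result = classify(line)
        if result:
            events.append({"line": line, "level": result[0], "reason": result[1]})
    return events

# Constructed sample syslog, not taken from a real device.
SAMPLE_LOG = """\
<189>Sep  9 12:53:17 stratix-01 15: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.10.0.7)
<189>Sep  9 12:54:02 stratix-01 16: %SYS-5-CONFIG_I: Configured from tftp://198.51.100.23/run.cfg by console
<189>Sep  9 12:55:40 stratix-02 17: %SYS-5-CONFIG_I: Configured from console by ops on vty1 (203.0.113.9)
<189>Sep  9 12:56:01 stratix-02 18: %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to down
"""

if __name__ == "__main__":
    for ev in review_config_events(SAMPLE_LOG):
        print(ev["level"].upper(), ev["reason"])
```

Feed the same function the device's forwarded syslog stream and every alert is a configuration change that did not originate from the management segment defined in item 1.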


Technical Details

Data Version: 5.1
Assigner Short Name: Rockwell
Date Reserved: 2025-07-08T12:18:29.933Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68c02524b7075cbbdbb19441

Added to database: 9/9/2025, 1:01:24 PM

Last enriched: 9/9/2025, 1:02:30 PM

Last updated: 9/10/2025, 12:12:23 AM

