Denial-of-Service Vulnerability in Rockwell Automation Controllers
CVE-2025-11698

9.2CRITICAL

What is CVE-2025-11698?

A denial-of-service issue has been identified in the boot firmware of Rockwell Automation's 5380, 5480, and 5580 controllers, specifically in versions prior to 1.072. This vulnerability allows a malicious user to potentially write invalid file data to the controller, which can trigger a major non-recoverable fault (MNRF), disrupting operations and affecting system stability. It is crucial for users to upgrade their firmware to mitigate the risk of such attacks.

Affected Version(s)

CompactLogix® 5380 Recovery Image Compact GuardLogix® 5380 Recovery Image CompactLogix® 5480 Recovery Image ControlLogix® 5580 Recovery Image GuardLogix® 5580 Recovery Image Boot firmware versions before 1.072

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.