Denial-of-Service Vulnerability in Rockwell Automation Controllers
CVE-2025-11698
9.2CRITICAL
Key Information:
What is CVE-2025-11698?
A denial-of-service issue has been identified in the boot firmware of Rockwell Automation's 5380, 5480, and 5580 controllers, specifically in versions prior to 1.072. This vulnerability allows a malicious user to potentially write invalid file data to the controller, which can trigger a major non-recoverable fault (MNRF), disrupting operations and affecting system stability. It is crucial for users to upgrade their firmware to mitigate the risk of such attacks.
Affected Version(s)
CompactLogix® 5380 Recovery Image Compact GuardLogix® 5380 Recovery Image CompactLogix® 5480 Recovery Image ControlLogix® 5580 Recovery Image GuardLogix® 5580 Recovery Image Boot firmware versions before 1.072