Denial-of-Service Vulnerability in Rockwell Automation 5370/5570 Controllers
CVE-2025-12011

9.2CRITICAL

What is CVE-2025-12011?

A significant vulnerability exists in Rockwell Automation's 5370 and 5570 controllers, where a remote attacker could exploit this flaw by loading an invalid project. This action potentially triggers a major non-recoverable fault (MNRF), resulting in a complete failure of the device, which may lead to system downtime. It is crucial for users of these controllers to implement necessary mitigations to safeguard against such remote exploitation.

Affected Version(s)

CompactLogix® 5370 Compact GuardLogix® 5370 ControlLogix® 5570 GuardLogix® 5570 35.015 and earlier

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.