Denial-of-Service Vulnerability in Rockwell Automation Controllers
CVE-2025-12012
9.2CRITICAL
Key Information:
- Vendor
Rockwell Automation
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2025-12012?
A significant denial-of-service vulnerability has been identified in Rockwell Automation's 5380, 5480, and 5580 controllers. This issue could enable an attacker to write invalid file data to the device, resulting in a severe non-recoverable fault (MNRF). If exploited, this could lead to a disruption of service and potential operational failure, highlighting the importance of addressing this vulnerability to maintain the integrity and availability of the affected systems.
Affected Version(s)
CompactLogix® 5370 Compact GuardLogix® 5370 ControlLogix® 5570 GuardLogix® 5570 V34.012 and earlier V35.011 and earlier