Denial-of-Service Vulnerability in Rockwell Automation Controllers
CVE-2025-12012

9.2CRITICAL

What is CVE-2025-12012?

A significant denial-of-service vulnerability has been identified in Rockwell Automation's 5380, 5480, and 5580 controllers. This issue could enable an attacker to write invalid file data to the device, resulting in a severe non-recoverable fault (MNRF). If exploited, this could lead to a disruption of service and potential operational failure, highlighting the importance of addressing this vulnerability to maintain the integrity and availability of the affected systems.

Affected Version(s)

CompactLogix® 5370 Compact GuardLogix® 5370 ControlLogix® 5570 GuardLogix® 5570 V34.012 and earlier V35.011 and earlier

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.