Denial-of-Service Vulnerability in Rockwell Automation Products
CVE-2025-9124

8.7HIGH

Key Information:

Vendor: Rockwell Automation
Status: Compact Guardlogix® 5370
Vendor: CVE Published:; 14 October 2025

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2025-9124?

A denial-of-service vulnerability exists within various Rockwell Automation products due to improper handling of crafted CIP unconnected explicit messages. When such messages are processed, they may trigger significant non-recoverable faults in the system, leading to substantial service interruptions. Organizations using these products should implement the recommended security measures to mitigate the potential impact.

Affected Version(s)

Compact GuardLogix® 5370 Version 30.012 and prior

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Aug 18, 2025

JSON