Skip to main content

Rockwell Logix Controllers EUVDEUVD-2025-210461

| CVE-2025-12011 CRITICAL
Classic Buffer Overflow (CWE-120)
2026-07-14 Rockwell GHSA-m6r3-j7p8-mpv6
9.2
CVSS 4.0 · Vendor: Rockwell
Share

Severity by source

Vendor (Rockwell) PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.6 HIGH

Network-reachable, low-complexity, no auth/interaction per vendor; availability-only impact with scope change since the controller fault propagates to the controlled physical process.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Primary rating from Vendor (Rockwell).

CVSS VectorVendor: Rockwell

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 15:38 vuln.today
CVE Published
Jul 14, 2026 - 15:03 cve.org
CRITICAL 9.2

DescriptionCVE.org

A denial-of-service issue exists in  5370/5570 controllers. This vulnerability could potentially allow a remote user to load an invalid project, causing the device to enter a major non-recoverable fault (MNRF).

AnalysisAI

Remote denial-of-service in Rockwell Automation CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5570 controllers allows a remote user to push a malformed project file that forces the controller into a Major Non-Recoverable Fault (MNRF), halting the controlled process until manual recovery. The CVSS 4.0 score of 9.2 reflects high availability impact on both the controller and the downstream physical process (VA:H/SA:H) with no authentication or user interaction required per the vendor vector. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the loss of a safety-rated (GuardLogix) controller makes availability the dominant concern.

Technical ContextAI

The affected devices are Allen-Bradley Logix-family programmable automation controllers (PACs) used in industrial control and safety instrumented systems; the GuardLogix variants are SIL-rated safety controllers. The CPE (cpe:2.3:a:rockwell_automation:...compactlogix®_5370...guardlogix®_5570) confirms the CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5570 lines. The vendor-supplied tag and CWE-120 (Classic Buffer Overflow / buffer copy without checking input size) indicate that parsing of an untrusted or malformed 'project' download overruns a fixed-size buffer in the controller firmware, corrupting execution state and triggering the controller's fail-safe MNRF condition rather than achieving code execution.

RemediationAI

Consult Rockwell advisory SD1781 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1781.html) for the fixed firmware revisions and upgrade the affected CompactLogix/ControlLogix/GuardLogix controllers to the vendor-patched version; the exact fix version is not present in the provided data, so treat this as 'patch available per vendor advisory' and verify the target revision against SD1781 before flashing. Because firmware upgrades on safety controllers require an outage and revalidation, apply compensating controls in the interim: restrict CIP/EtherNet-IP access to the controllers so only engineering workstations on a trusted OT subnet can perform project downloads (block the controller's programming path from IT and untrusted networks via firewall/ACL and CIP Security where supported), set the controller keyswitch to RUN to block remote mode changes and downloads where the process allows, and monitor for unexpected project download or connection attempts. Trade-off: keyswitch-in-RUN and download restrictions will block legitimate remote programming and require physical/on-site access for engineering changes.

Share

EUVD-2025-210461 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy