Compactlogix 5370 Compact Guardlogix 5370 Controllogix 5570 Guardlogix 5570
Monthly
Denial-of-service in Rockwell Automation Logix programmable controllers allows a remote unauthenticated attacker to write invalid file data that forces the device into a Major Non-Recoverable Fault (MNRF), halting the industrial process it controls. Rated CVSS 4.0 9.2 (Critical) with availability as the sole impact, the flaw is a CWE-120 buffer overflow reachable over the network with no privileges or user interaction. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low attack complexity makes it a high-priority patch for OT environments.
Remote denial-of-service in Rockwell Automation CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5570 controllers allows a remote user to push a malformed project file that forces the controller into a Major Non-Recoverable Fault (MNRF), halting the controlled process until manual recovery. The CVSS 4.0 score of 9.2 reflects high availability impact on both the controller and the downstream physical process (VA:H/SA:H) with no authentication or user interaction required per the vendor vector. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the loss of a safety-rated (GuardLogix) controller makes availability the dominant concern.
Denial-of-service in Rockwell Automation Logix programmable controllers allows a remote unauthenticated attacker to write invalid file data that forces the device into a Major Non-Recoverable Fault (MNRF), halting the industrial process it controls. Rated CVSS 4.0 9.2 (Critical) with availability as the sole impact, the flaw is a CWE-120 buffer overflow reachable over the network with no privileges or user interaction. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low attack complexity makes it a high-priority patch for OT environments.
Remote denial-of-service in Rockwell Automation CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5570 controllers allows a remote user to push a malformed project file that forces the controller into a Major Non-Recoverable Fault (MNRF), halting the controlled process until manual recovery. The CVSS 4.0 score of 9.2 reflects high availability impact on both the controller and the downstream physical process (VA:H/SA:H) with no authentication or user interaction required per the vendor vector. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the loss of a safety-rated (GuardLogix) controller makes availability the dominant concern.