Primary

Context

Rockwell Automation Compact GuardLogix 5370 Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in the Rockwell Automation Compact GuardLogix 5370 controller, specifically in versions through 30.012. The issue arises when a crafted CIP unconnected explicit message is sent, leading to a major non-recoverable fault that disrupts the controller's normal functioning.

Impact

Exploitation of this vulnerability causes a major non-recoverable fault, disrupting the normal operation of the affected controller and preventing it from recovering or functioning properly.

Remediation

Users can upgrade to version 30.14 or later to address this vulnerability. For those unable to upgrade, Rockwell Automation recommends following their security best practices.

Added: Oct 14, 2025, 1:18 PM

Updated: Oct 14, 2025, 11:31 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rockwell Automation Compact GuardLogix 5370 Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Rockwell Automation Compact GuardLogix 5370

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating