Rockwell Automation CompactLogix 5480 Code Execution Vulnerability

Vulnerability

A code execution vulnerability exists in the Rockwell Automation CompactLogix 5480 controller, specifically in versions 32 through 37.011 with the Windows package 2.1.0, Win10 v1607. This vulnerability allows an attacker with physical access to exploit the maintenance menu of the controller using a crafted payload, leading to arbitrary code execution.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected controller.

Remediation

Best security practices should be applied. Consult the Rockwell Automation security best practices and system security design guidelines for more information.

Added: Sep 9, 2025, 1:19 PM
Updated: Sep 9, 2025, 4:51 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 7.5
exploitability: 3.5
remediation: 0.0
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.