Rockwell Automation ControlLogix 5580 Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Rockwell Automation ControlLogix 5580 controller, specifically in version 35.013. The controller continuously tries to forward messages, which can lead to a major nonrecoverable fault: the controller fails and does not recover properly.

Impact

Exploitation of this vulnerability can cause a major nonrecoverable fault on the affected controller, a failure from which the controller cannot recover.

Remediation

Users can upgrade to version 35.014 or later to address this vulnerability. For those unable to upgrade, Rockwell Automation recommends following its security best practices.

Added: Sep 9, 2025, 1:17 PM
Updated: Sep 9, 2025, 4:49 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 5.9
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.