1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: Compact GuardLogix 5370
- Vulnerability: Uncaught Exception
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in a denial-of-service.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Compact GuardLogix 5370 are affected:
- Compact GuardLogix 5370: All versions prior to 30.012
3.2 VULNERABILITY OVERVIEW
3.2.1 UNCAUGHT EXCEPTION CWE-248
A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. This can result in a major non-recoverable fault.
CVE-2025-9124 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2025-9124. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: United States
3.4 RESEARCHER
Rockwell Automation reported this vulnerability to CISA.
4. MITIG
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories
Read the original article:
Read the original article: