Summary
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.
The following versions of Rockwell Automation CompactLogix 5370 are affected:
- CompactLogix 5370 (CVE-2025-11743)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.5 | Rockwell Automation | Rockwell Automation CompactLogix 5370 | Improper Validation of Specified Quantity in Input |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States
Vulnerabilities
CVE-2025-11743
The affected product is vulnerable to a denial-of-service issue. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault, which would require a restart to recover.
Affected Products
Rockwell Automation CompactLogix 5370
Vendor:
Rockwell Automation
Product Version:
- Rockwell Automation CompactLogix 5370: <=34.013
- Rockwell Automation CompactLogix 5370: <=35.012
- Rockwell Automation CompactLogix 5370: 36.011
Product Status:
known_affected
Remediations
Mitigation
Rockwell Automation reports that the following versions are fixed:
Versions 37.011 and late
[…]
This article has been indexed from All CISA Advisories