Security/ ics-security · vulnerabilities · industrial-control-systems · rockwell-automation

Rockwell PLC Flaws Put Factory Floors at Risk of Shutdown

Three buffer overflow bugs in Rockwell PLCs let unauthenticated remote attackers crash industrial controllers into an unrecoverable fault.

Three denial-of-service vulnerabilities in Rockwell Automation's CompactLogix, ControlLogix, and GuardLogix controllers can crash industrial devices into an unrecoverable state - no authentication required.

A federal advisory covers three CVEs (CVE-2025-12011, CVE-2025-12012, and CVE-2025-11698) affecting nearly every variant of Rockwell's Logix controller family, including safety-rated GuardLogix models used in high-stakes environments. The flaws are classic buffer overflows: one lets a remote attacker load an invalid project to force a major non-recoverable fault on 5370/5570 controllers; another lets an attacker write invalid file data to trigger the same outcome on 5380/5480/5580 models. All three carry a CVSS 4.0 score of 9.2 and require no privileges or user interaction to exploit. Recovery Image firmware at or below version 1.072 is also affected; those operators should upgrade to V36.013 or V37.011 or later, which ships with corrected boot firmware.

Rockwell's Logix family runs factory automation, automotive assembly, and other critical manufacturing infrastructure worldwide. A successful attack doesn't just pause a process - a major non-recoverable fault requires physical intervention to restore, turning a remote network exploit into a plant-floor crisis.

ICS vulnerabilities with unauthenticated remote access have been climbing for years, yet OT patch cycles routinely stretch months - giving attackers a long window to work with.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →