Three denial-of-service vulnerabilities in Rockwell Automation's CompactLogix, ControlLogix, and GuardLogix controllers can crash industrial devices into an unrecoverable state - no authentication required.
A federal advisory covers three CVEs (CVE-2025-12011, CVE-2025-12012, and CVE-2025-11698) affecting nearly every variant of Rockwell's Logix controller family, including safety-rated GuardLogix models used in high-stakes environments. The flaws are classic buffer overflows: one lets a remote attacker load an invalid project to force a major non-recoverable fault on 5370/5570 controllers; another lets an attacker write invalid file data to trigger the same outcome on 5380/5480/5580 models. All three carry a CVSS 4.0 score of 9.2 and require no privileges or user interaction to exploit. Recovery Image firmware at or below version 1.072 is also affected; those operators should upgrade to V36.013 or V37.011 or later, which ships with corrected boot firmware.
Rockwell's Logix family runs factory automation, automotive assembly, and other critical manufacturing infrastructure worldwide. A successful attack doesn't just pause a process - a major non-recoverable fault requires physical intervention to restore, turning a remote network exploit into a plant-floor crisis.
ICS vulnerabilities with unauthenticated remote access have been climbing for years, yet OT patch cycles routinely stretch months - giving attackers a long window to work with.