CVE-2025-9124
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-14
Assigner: Rockwell Automation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockwell_automation | compact_guardlogix | 30.14 |
| rockwell_automation | compact_guardlogix | 30.012 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-248 | An exception is thrown from a function, but it is not caught. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial-of-service (DoS) issue in the Rockwell Automation Compact GuardLogix 5370 programmable automation controller. It occurs when a specially crafted CIP (Common Industrial Protocol) unconnected explicit message is sent to the device, triggering a major non-recoverable fault (MNRF) that causes the system to stop functioning properly and not recover. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is that it can cause the affected controller to experience a major non-recoverable fault, resulting in the system stopping its operation and not recovering. This denial-of-service condition can disrupt industrial automation processes that rely on the controller, potentially leading to operational downtime and loss of control over safety and motion functions. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for specially crafted CIP unconnected explicit messages sent to the affected Rockwell Automation Compact GuardLogix 5370 controllers (version 30.012 and earlier). Network traffic analysis tools can be used to inspect EtherNet/IP traffic for unusual or malformed CIP messages. Specific commands are not provided in the available resources. Users should monitor for system crashes or major non-recoverable faults (MNRF) on the device, which indicate exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the affected Rockwell Automation Compact GuardLogix 5370 controller software to version 30.14 or later, where the vulnerability has been corrected. If upgrading immediately is not possible, users should follow Rockwell Automation's security best practices to reduce exposure. No workaround is available. Additionally, subscribing to Rockwell Automation security alerts and reviewing vulnerability policies is recommended. [1]