Rockwell Automation CompactLogix® 5480

MonitorCVSS 6.8ICS-CERT ICSA-25-252-06Sep 9, 2025

Rockwell Automation

Attack path

Attack VectorPhysical

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

CompactLogix 5480 controllers are vulnerable to arbitrary code execution without authentication. The vulnerability is not remotely exploitable and requires physical access to the device. Successful exploitation could result in arbitrary code execution on the controller. Rockwell Automation has not released a patch and does not plan to fix this vulnerability.

What this means

What could happen

An attacker with physical access to the CompactLogix 5480 controller could execute arbitrary code, potentially altering process logic, disabling safety functions, or corrupting the control program.

Who's at risk

Industrial facilities using Rockwell Automation CompactLogix 5480 controllers for critical process automation, including water treatment plants, power distribution systems, and manufacturing facilities where loss of process control or safety function compromise could disrupt operations or cause equipment damage.

How it could be exploited

An attacker must have physical access to the CompactLogix 5480 device to exploit this vulnerability. Once physical access is obtained, they can execute arbitrary code on the controller without authentication, allowing them to modify control logic or disable safety functions.

Prerequisites

Physical access to the CompactLogix 5480 controller
No credentials or authentication required

no authentication requiredno patch availableaffects industrial controllers

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (2)

1 pending1 EOL

ProductAffected VersionsFix Status

CompactLogix® 5480: 32-37.011_with_Windows_package_2.1.0_Win10_v160732-37.011 with Windows package 2.1.0 Win10 v1607No fix yet

CompactLogix 5480 CodeAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict physical access to CompactLogix 5480 controllers using locked cabinets, restricted areas, or security enclosures

HARDENINGEnsure the CompactLogix 5480 is not accessible from the internet or untrusted networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGIsolate the control system network from the business network using firewalls and network segmentation

HARDENINGIf remote access is required, implement VPN access with current security updates and restrict to authorized personnel only

Mitigations - no patch available

0/1

CompactLogix 5480 Code has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGMonitor for suspected malicious activity and report incidents to CISA

CVEs (1)

CVE-2025-9160

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/67d63862-8f21-4b54-9602-b87b732825ac

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.