Rockwell Automation Compact GuardLogix 5370
Plan Patch · 7.5 · ICS-CERT ICSA-25-294-02 · Oct 21, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Compact GuardLogix 5370 contains a denial-of-service vulnerability (CWE-248) that allows a remote attacker without credentials to stop the controller from responding to inputs or commands. Successful exploitation results in a halt of safety-critical functions and process operations on affected devices running firmware version 30.012 and earlier.
What this means
What could happen
An attacker could stop the GuardLogix 5370 safety controller from responding to inputs or commands, causing it to fail to execute safety-critical functions or halt normal process operations.
Who's at risk
Water utilities and municipalities using Compact GuardLogix 5370 safety controllers for process automation, safety-critical functions (such as flow control, pressure monitoring, or interlock logic), and machinery protection. Any facility relying on this controller for operational continuity.
How it could be exploited
An attacker with network access to the Compact GuardLogix 5370 controller can send a specially crafted network packet to trigger a denial-of-service condition. The attacker does not need credentials or user interaction, and the exploit can be executed from the network without requiring physical access.
Prerequisites
- Network access to the Compact GuardLogix 5370 controller
- No authentication required
Remotely exploitable · No authentication required · Low complexity · Denial-of-service impact · Affects safety systems · No patch available (end-of-life)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Compact GuardLogix 5370: <=30.012 | ≤ 30.012 | 30.14 or later
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the controller using firewall rules to allow only necessary engineering workstations and control networks
HARDENING: Ensure the controller is not reachable from the internet or business network; isolate it to a dedicated control system network
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade Compact GuardLogix 5370 firmware to version 30.14 or later
Long-term hardening
HARDENING: If remote access to the controller is needed, use a VPN with current security updates
CVEs (1)