Rockwell Automation Compact GuardLogix 5370

Plan PatchCVSS 7.5ICS-CERT ICSA-25-294-02Oct 14, 2025

Rockwell Automation

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial-of-service vulnerability exists in Rockwell Automation Compact GuardLogix 5370 controllers (all versions, with a confirmed fix path for versions ≤30.012). Successful exploitation results in loss of availability of the safety controller. No public exploitation has been reported.

What this means

What could happen

An attacker could cause a denial-of-service condition on the Compact GuardLogix 5370 controller, disrupting safety logic execution and potentially leaving industrial processes in an unsafe or undefined state.

Who's at risk

Organizations operating Rockwell Automation Compact GuardLogix 5370 safety controllers—commonly used in machinery guarding, functional safety interlocks, and emergency shutdown systems across manufacturing, food processing, and discrete automation environments—should prioritize this vulnerability.

How it could be exploited

An attacker with network access to the controller sends a specially crafted message that triggers the vulnerability, causing the device to become unresponsive or crash. This stops the execution of safety-critical logic programmed on the device.

Prerequisites

Network access to the Compact GuardLogix 5370 controller
No authentication required

remotely exploitableno authentication requiredlow complexityaffects safety systemsdenial-of-service impact

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (2)

1 with fix1 EOL

ProductAffected VersionsFix Status

Compact GuardLogix 5370All versionsNo fix (EOL)

Compact GuardLogix 5370: <=30.012≤ 30.01230.14+

Remediation & Mitigation

0/4

Do now

0/1

Compact GuardLogix 5370

HARDENINGEnsure Compact GuardLogix 5370 controllers are not reachable directly from the internet or untrusted networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

Compact GuardLogix 5370

HOTFIXUpgrade Compact GuardLogix 5370 controllers to firmware version 30.14 or later

Mitigations - no patch available

0/2

Compact GuardLogix 5370 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGPlace Compact GuardLogix 5370 controllers behind a firewall and isolate the safety control system network from the business network

HARDENINGIf remote access to controllers is required, restrict it through secure VPN connections and limit access to authorized engineering personnel only

CVEs (1)

CVE-2025-9124

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/da48a7f9-1aa4-459f-8571-b52c2158b540

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.