OTPulse
FeedAboutContact

Rockwell Automation CompactLogix 5370

Monitor6.5ICS-CERT ICSA-26-022-03Jan 22, 2026
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

This vulnerability in CompactLogix 5370 controllers allows a denial-of-service condition when an attacker sends a crafted packet or command to the device. The attack requires only network adjacency (same network segment) and no credentials. Successful exploitation causes the controller to stop responding, interrupting automated control until the device is restarted. The vulnerability affects versions 34.013 and earlier, 35.012 and earlier, and 36.011.

What this means
What could happen
An attacker with network access to a CompactLogix 5370 controller could cause it to stop responding to requests, interrupting production until the device is restarted.
Who's at risk
Manufacturing facilities and utility operators using Rockwell Automation CompactLogix 5370 controllers in production lines, water treatment systems, or power distribution automation. This affects any organization relying on these programmable logic controllers for critical process automation.
How it could be exploited
An attacker on the same network segment (requires adjacent network access, no authentication) sends a crafted packet or command to the controller, triggering a denial-of-service condition that freezes the device's responsiveness.
Prerequisites
  • Network access to CompactLogix 5370 controller on the same network segment (AV:A indicates adjacent network)
  • No authentication required
  • No special configuration needed
Remotely exploitable from adjacent network segmentNo authentication requiredLow complexity attackAffects operational availabilityDenial of service impact
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (3)
3 pending
ProductAffected VersionsFix Status
CompactLogix 5370: <=34.013≤ 34.013No fix yet
CompactLogix 5370: <=35.012≤ 35.012No fix yet
CompactLogix 5370: 36.01136.011No fix yet
Remediation & Mitigation
0/6
Schedule — requires maintenance window
0/4

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade CompactLogix 5370 controllers to firmware version 37.011 or later
HOTFIXFor 34.x series: upgrade to version 34.016 or later
HOTFIXFor 35.x series: upgrade to version 35.015 or later
HOTFIXFor 36.x series: upgrade to version 36.012 or later
Long-term hardening
0/2
HARDENINGImplement network segmentation to restrict access to CompactLogix 5370 controllers from untrusted network segments
HARDENINGApply Rockwell Automation security best practices (see advisory SD1770) for defense in depth
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/671943d8-d05b-422d-954e-f830329527c8
Rockwell Automation CompactLogix 5370 | CVSS 6.5 - OTPulse