Rockwell Automation CompactLogix 5370

CVSS 6.5 | ICS-CERT ICSA-26-022-03 | Jan 20, 2026
Vendor: Rockwell Automation
Attack path
  • Attack Vector: Adjacent
  • Auth Required: None
  • Complexity: Low
  • User Interaction: None needed
Summary

CompactLogix 5370 PLCs with firmware versions 37.010 and earlier, 36.011 and earlier, 35.012 and earlier, and 34.013 and earlier are vulnerable to a denial-of-service condition. Successful exploitation allows an attacker on the local network segment to cause the PLC to become unresponsive. Rockwell Automation has released fixed versions: 37.011 and later, 34.016, 35.015, and 36.012. Devices running older versions should be updated or protected through network segmentation.

What this means
What could happen
An attacker on your local network could send a specially crafted packet to the CompactLogix 5370 PLC, causing it to stop responding. This would interrupt any process the PLC controls until it is manually restarted.
Who's at risk
Water authorities and electric utilities using CompactLogix 5370 PLCs in pump stations, treatment facilities, or distribution control systems should review their firmware versions. This affects any process controlled by the affected PLC models.
How it could be exploited
An attacker with access to the network segment where the CompactLogix 5370 is deployed sends a malicious packet to the device. The PLC fails to handle the packet correctly and becomes unresponsive, effectively halting the process it controls.
Prerequisites
  • Network access to the CompactLogix 5370 on the local network (AV:A indicates adjacent network, likely Ethernet)
  • No credentials or special configuration required
  • Device must be running one of the affected firmware versions
Risk factors
  • Remotely exploitable from local network segment
  • Low attack complexity
  • No authentication required
  • Affects availability of critical processes
  • Multiple firmware versions lack patches
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (4)
3 pending, 1 EOL
Product | Affected Versions | Fix Status
CompactLogix 5370 Denial | All versions | No fix (EOL)
CompactLogix 5370 | ≤ 34.013 | No fix yet
CompactLogix 5370 | ≤ 35.012 | No fix yet
CompactLogix 5370 | 36.011 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to CompactLogix 5370 devices using firewall rules or network segmentation to allow only authorized engineering and production workstations.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CompactLogix 5370 firmware to version 37.011 or later, or to version 34.016, 35.015, or 36.012 depending on your current firmware branch.
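To turn the version ranges in the summary and in the hotfix step above into a repeatable inventory check, here is an added example in Python; it is not OTPulse or Rockwell Automation code. It assumes firmware versions use the MM.mmm shape shown on this page (for example 36.011), the device inventory is constructed sample data, and treating versions that fall between an affected release and its fix (such as 34.014), or that sit on a branch older than 34, as "unlisted, verify with the vendor" is this example's choice rather than something the advisory states.

```python
"""Firmware triage against the version ranges in this advisory.

Added example (not OTPulse or Rockwell Automation code). It encodes only
what the advisory states: affected firmware is 34.013 and earlier, 35.012
and earlier, 36.011 and earlier, and 37.010 and earlier; fixed firmware is
34.016, 35.015, 36.012, and 37.011 or later.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int]

# Per firmware branch (major number): highest affected release and the
# fixed release, taken from the advisory text.
BRANCHES: Dict[int, Dict[str, Version]] = {
    34: {"max_affected": (34, 13), "fixed": (34, 16)},
    35: {"max_affected": (35, 12), "fixed": (35, 15)},
    36: {"max_affected": (36, 11), "fixed": (36, 12)},
    37: {"max_affected": (37, 10), "fixed": (37, 11)},
}
LATEST_BRANCH = max(BRANCHES)


def parse_version(text: str) -> Version:
    """Parse 'MM.mmm' (e.g. '36.011') into a comparable (major, minor) tuple.
    Assumption: every CompactLogix 5370 version on the page has this shape."""
    major, minor = text.strip().split(".")
    return int(major), int(minor)


def format_version(v: Version) -> str:
    return f"{v[0]}.{v[1]:03d}"


@dataclass
class Verdict:
    version: str
    status: str            # "affected", "fixed" or "unlisted"
    reason: str
    upgrade_to: Optional[str] = None


def triage(version_text: str) -> Verdict:
    """Classify one firmware version against the advisory's ranges."""
    v = parse_version(version_text)
    branch = BRANCHES.get(v[0])
    if branch is None:
        if v[0] > LATEST_BRANCH:
            # The advisory lists "37.011 and later" as fixed.
            return Verdict(version_text, "fixed", "later than 37.011")
        # Branches older than 34 are not enumerated on the page; flag them
        # for verification rather than silently passing them (assumption).
        return Verdict(version_text, "unlisted",
                       "branch not enumerated in the advisory; verify with vendor",
                       upgrade_to=format_version(BRANCHES[LATEST_BRANCH]["fixed"]))
    if v <= branch["max_affected"]:
        return Verdict(version_text, "affected",
                       f"{format_version(v)} is at or below "
                       f"{format_version(branch['max_affected'])}",
                       upgrade_to=format_version(branch["fixed"]))
    if v < branch["fixed"]:
        # Between the last affected release and the fixed release (e.g. 34.014):
        # the advisory lists it neither as affected nor as fixed (assumption).
        return Verdict(version_text, "unlisted",
                       f"between {format_version(branch['max_affected'])} and "
                       f"fixed {format_version(branch['fixed'])}",
                       upgrade_to=format_version(branch["fixed"]))
    return Verdict(version_text, "fixed",
                   f"at or above fixed release {format_version(branch['fixed'])}")


# Constructed sample inventory (device name, reported firmware); not real data.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("pump-station-1", "36.011"),
    ("wtp-filter-plc", "37.012"),
    ("lift-station-3", "34.013"),
    ("booster-2", "34.014"),
]


def devices_needing_action(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (device, version, upgrade_to) for every device not confirmed fixed."""
    out = []
    for name, ver in inventory:
        verdict = triage(ver)
        if verdict.status != "fixed":
            out.append((name, ver, verdict.upgrade_to or ""))
    return out


if __name__ == "__main__":
    for name, ver, target in devices_needing_action(SAMPLE_INVENTORY):
        print(f"{name}: {ver} -> update to {target} "
              f"(or isolate per the workaround above)")
```

Run it against an export of your asset inventory in place of SAMPLE_INVENTORY; anything reported as "unlisted" deserves a vendor check before you assume it is safe, and anything "affected" maps directly to the in-branch fixed release named in the hotfix step.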
Mitigations - no patch available
CompactLogix 5370 Denial has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate the CompactLogix 5370 and other control devices on a separate VLAN or subnet from general corporate IT networks.
Rockwell Automation CompactLogix 5370 | CVSS 6.5 - OTPulse