Rockwell ControlLogix® 5580 V35.013 Denial-Of-Service
Monitor7.5SD1747Sep 9, 2025
Summary
The Rockwell ControlLogix 5580 V35.013 is vulnerable to a denial-of-service attack triggered by a specially crafted message sent over the network. The vulnerability affects all versions of this firmware. An attacker with network access to the device can crash the PLC, rendering it unresponsive and disrupting process control. No firmware patch is currently available from Rockwell Automation.
What this means
What could happen
A remotely-triggered denial-of-service condition could crash the ControlLogix 5580 PLC, interrupting process control for manufacturing, water treatment, or power distribution systems until the device is manually rebooted.
Who's at risk
Manufacturing plants, water authorities, electric utilities, and other critical infrastructure operators using Rockwell ControlLogix 5580 PLCs for supervisory control and process automation are at risk. Any facility relying on this PLC for continuous process operation is affected.
How it could be exploited
An attacker with network access to the ControlLogix 5580's Ethernet port can send a specially crafted message to trigger the DoS condition, causing the device to become unresponsive without requiring valid credentials or physical access.
Prerequisites
- Network access to the ControlLogix 5580 device (typically port 44818 for EtherNet/IP)
- No authentication or credentials required
remotely exploitableno authentication requiredno patch availableaffects safety systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
ControlLogix 5580 V35.013All versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2WORKAROUNDIsolate ControlLogix 5580 PLCs from untrusted networks using a firewall or network segmentation; restrict inbound access to only authorized engineering workstations and HMIs
HARDENINGMonitor network traffic to the ControlLogix 5580 for anomalous EtherNet/IP messages and alert on suspicious connection attempts
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
WORKAROUNDEstablish a documented restart procedure and train operators to quickly restore the PLC to operation if a DoS event occurs
Mitigations - no patch available
0/1ControlLogix 5580 V35.013 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement a network access control (NAC) policy to ensure only approved devices can communicate with the PLC
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/435969bc-582c-451e-89c2-7e5c5be7dfe4