Rockwell Compact GuardLogix® 5370 Denial-Of-Service Vulnerability
Monitor7.5SD1755Oct 14, 2025
Summary
Compact GuardLogix 5370 controllers contain a denial-of-service vulnerability. The vulnerability allows an attacker to cause the device to stop responding to legitimate requests, disrupting the safety and control functions of the equipment it manages.
What this means
What could happen
An attacker could cause the GuardLogix controller to become unresponsive, halting safety monitoring and control operations until the device is manually recovered. This could result in unsafe conditions or unwanted equipment shutdown.
Who's at risk
Safety-critical control systems rely on GuardLogix controllers, particularly in manufacturing, chemical processing, and machinery protection applications. Any facility using Compact GuardLogix 5370 for safety-interlock or emergency-stop monitoring should be concerned.
How it could be exploited
An attacker with network access to the GuardLogix controller could send crafted network packets to trigger the denial-of-service condition, rendering the device unresponsive and blocking legitimate communication from engineering workstations or other control systems.
Prerequisites
- Network access to the Compact GuardLogix 5370 controller
- Knowledge of or ability to craft specific packet sequences that trigger the DoS condition
remotely exploitableno patch availableaffects safety systemshigh CVSS score (7.5)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
Compact GuardLogix 5370All versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2HARDENINGImplement network segmentation to restrict access to GuardLogix controllers; place them on a protected industrial network segment with firewall rules that allow only authorized engineering workstations and control systems
WORKAROUNDDisable or restrict remote access protocols (such as Ethernet messaging) to the GuardLogix unless explicitly required for operations
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGMonitor network traffic to the controller for anomalous packet patterns and alert on repeated failed connection attempts
Mitigations - no patch available
0/1Compact GuardLogix 5370 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGEvaluate replacement with a patched Compact GuardLogix model or alternative safety controller vendor if security posture is critical
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/bf3bc02d-90e0-4e1f-bf97-f380d570b742