Rockwell CompactLogix® 5370 Denial of Service Vulnerability
Monitor6.5SD1770Jan 20, 2026
Summary
Rockwell Automation CompactLogix 5370 controllers contain a denial of service vulnerability (CVSS 6.5) that allows remote attackers to cause the controller to become unresponsive via specially crafted network packets. The vulnerability affects all versions of the CompactLogix 5370 platform. No firmware patch is available from the vendor. Affected devices will require isolation through network segmentation and access controls to mitigate exposure.
What this means
What could happen
An attacker could disrupt communications with the CompactLogix 5370 controller, causing loss of control over automated processes and equipment in the field until the controller is restarted.
Who's at risk
This affects manufacturing, water treatment, and utility automation facilities that rely on CompactLogix 5370 controllers for critical process control. Any organization using these controllers in production environments should assess their network exposure and access controls.
How it could be exploited
An attacker with network access to the CompactLogix 5370 could send specially crafted network packets that cause the controller to become unresponsive. The attacker does not need to authenticate or have any special permissions; the vulnerability is triggered by network communication alone.
Prerequisites
- Network access to CompactLogix 5370 controller on the industrial network or connected segments
- Ability to send packets to the controller's communication interface
remotely exploitableno authentication requiredno patch availableaffects control system availability
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
CompactLogix 5370 DenialAll versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/1WORKAROUNDMaintain a documented restart procedure and ensure on-site personnel are trained to detect unresponsiveness and quickly reboot affected controllers
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HARDENINGIsolate CompactLogix 5370 controllers on a separate network segment with strict firewall rules to limit access only to authorized engineering workstations and SCADA systems
HARDENINGReview and restrict network access to CompactLogix 5370 controllers; disable any unused communication protocols or ports
Mitigations - no patch available
0/1CompactLogix 5370 Denial has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network monitoring to detect unusual communication patterns or repeated connection attempts to CompactLogix 5370 devices
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/406b5478-04bf-4bde-bad4-323231700261