CVE-2025-24478

Summary

A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationGuardLogix 5580 SIL 333.011affected
Rockwell AutomationGuardLogix 5580 SIL 333.012affected
Rockwell AutomationGuardLogix 5580 SIL 333.015affected
Rockwell AutomationGuardLogix 5580 SIL 334.011affected
Rockwell AutomationGuardLogix 5580 SIL 335.011affected
Rockwell AutomationCompact GuardLogix 5380 SIL 333.011affected
Rockwell AutomationCompact GuardLogix 5380 SIL 333.012affected
Rockwell AutomationCompact GuardLogix 5380 SIL 333.015affected
Rockwell AutomationCompact GuardLogix 5380 SIL 334.011affected
Rockwell AutomationCompact GuardLogix 5380 SIL 335.011affected

Weaknesses

  • CWE-755: CWE-755 Improper Handling of Exceptional Conditions

Workarounds

Restrict Access to the task object via CIP Security and Hard Run.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References