VYPR

CompactLogix Controllers

by Rockwell Automation

CVEs (25)

  • CVE-2012-6437 | Critical | Jan 24, 2013
    risk 0.64 | cvss 9.8 | epss 0.10

    The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability,…

  • CVE-2012-6435 | High | Jan 24, 2013
    risk 0.52 | cvss 7.5 | epss 0.42

    When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause…

  • CVE-2012-6442 | High | Jan 24, 2013
    risk 0.51 | cvss 7.5 | epss 0.33

    When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a…

  • CVE-2012-6438 | High | Jan 24, 2013
    risk 0.51 | cvss 7.5 | epss 0.33

    The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this…

  • CVE-2012-6436 | High | Jan 24, 2013
    risk 0.51 | cvss 7.5 | epss 0.33

    The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this…

  • CVE-2026-9307 | Medium | Jun 16, 2026
    risk 0.41 | cvss (not listed) | epss 0.00

    A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can…

  • CVE-2019-10955 | Medium | Apr 25, 2019
    risk 0.40 | cvss 6.1 | epss 0.03

    In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370…

  • CVE-2017-6024 | Medium | May 6, 2017
    risk 0.39 | cvss 5.9 | epss 0.03

    A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an…

  • CVE-2012-6440 | Medium | Jan 24, 2013
    risk 0.32 | cvss 4.8 | epss 0.08

    The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics…

  • CVE-2012-6441 | Jan 24, 2013
    risk 0.04 | cvss (not listed) | epss 0.54

    An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. …

  • CVE-2012-6439 | Jan 24, 2013
    risk 0.02 | cvss (not listed) | epss 0.28

    When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation…

  • CVE-2024-6207 | Oct 14, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected…

  • CVE-2024-8626 | Oct 8, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully…

  • CVE-2024-6077 | Sep 12, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.

  • CVE-2024-7515 | Aug 14, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller.

  • CVE-2024-7507 | Aug 14, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller.

  • CVE-2024-5659 | Jun 14, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to enter a major nonrecoverable fault (MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the…

  • CVE-2024-3493 | Apr 15, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) in Rockwell Automation's ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, and…

  • CVE-2022-3752 | Dec 19, 2022
    risk 0.00 | cvss (not listed) | epss 0.01

    An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes…

  • CVE-2022-3157 | Dec 16, 2022
    risk 0.00 | cvss (not listed) | epss 0.01

    A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service (DoS) condition.

Page 1 of 2