VYPR

ControlLogix

by Rockwell Automation

CVEs (21)

  • CVE-2012-6437 | Critical | Jan 24, 2013
    risk 0.64 | cvss 9.8 | epss 0.10

    The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability,…

  • CVE-2012-6435 | High | Jan 24, 2013
    risk 0.52 | cvss 7.5 | epss 0.42

    When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause…

  • CVE-2012-6438 | High | Jan 24, 2013
    risk 0.51 | cvss 7.5 | epss 0.33

    The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this…

  • CVE-2012-6436 | High | Jan 24, 2013
    risk 0.51 | cvss 7.5 | epss 0.33

    The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this…

  • CVE-2024-6242 | High | Aug 1, 2024
    risk 0.47 | cvss | epss 0.09

    A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that…

  • CVE-2012-6440 | Medium | Jan 24, 2013
    risk 0.32 | cvss 4.8 | epss 0.08

    The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics…

  • CVE-2012-6441 | Jan 24, 2013
    risk 0.04 | cvss | epss 0.54

    An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. …

  • CVE-2012-6439 | Jan 24, 2013
    risk 0.02 | cvss | epss 0.28

    When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation…

  • CVE-2025-9166 | Sep 9, 2025
    risk 0.00 | cvss | epss 0.00

    A denial-of-service security issue exists in the affected product and version. The security issue stems from the controller repeatedly attempting to forward messages. The issue could result in a major nonrecoverable fault on the controller.

  • CVE-2024-6207 | Oct 14, 2024
    risk 0.00 | cvss | epss 0.01

    CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected…

  • CVE-2024-6077 | Sep 12, 2024
    risk 0.00 | cvss | epss 0.01

    A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.

  • CVE-2024-40619 | Aug 14, 2024
    risk 0.00 | cvss | epss 0.01

    A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.

  • CVE-2024-5659 | Jun 14, 2024
    risk 0.00 | cvss | epss 0.00

    Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault (MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the…

  • CVE-2024-3493 | Apr 15, 2024
    risk 0.00 | cvss | epss 0.01

    A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) in Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and…

  • CVE-2024-21916 | Jan 31, 2024
    risk 0.00 | cvss | epss 0.01

    A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix and GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.

  • CVE-2022-3752 | Dec 19, 2022
    risk 0.00 | cvss | epss 0.01

    An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes…

  • CVE-2022-3157 | Dec 16, 2022
    risk 0.00 | cvss | epss 0.01

    A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DoS).

  • CVE-2020-6998 | Jul 27, 2022
    risk 0.00 | cvss | epss 0.02

    The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP…

  • CVE-2022-1797 | May 31, 2022
    risk 0.00 | cvss | epss 0.02

    A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the…

  • CVE-2022-1161 | Apr 11, 2022
    risk 0.00 | cvss | epss 0.05

    An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an…
