CVE-2025-12011 in ControlLogixinfo

Summary

by MITRE • 07/14/2026

A denial-of-service issue exists in  5370/5570 controllers. This vulnerability could potentially allow a remote user to load an invalid project, causing the device to enter a major non-recoverable fault (MNRF).

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/14/2026

This vulnerability represents a critical denial-of-service condition affecting specific controller models within the 5370/5570 series, where improper input validation creates a pathway for remote exploitation. The flaw manifests when a malicious actor loads an invalid project file into the system, triggering a cascading failure that results in a major non-recoverable fault state. This condition fundamentally compromises the operational integrity of affected devices by rendering them incapable of normal functioning without manual intervention or power cycling.

The technical implementation of this vulnerability stems from insufficient validation mechanisms within the controller's project loading subsystem. When processing project files, the system fails to properly sanitize or verify the integrity of incoming data structures, allowing malformed inputs to propagate through the execution pipeline. This weakness aligns with CWE-20, which addresses improper input validation as a foundational security flaw that enables various attack vectors including denial-of-service conditions. The vulnerability's remote exploitability suggests that network-accessible interfaces provide direct pathways for attackers to submit malicious project files without requiring physical proximity or local system access.

The operational impact of this vulnerability extends beyond simple service disruption to encompass complete system incapacitation. Once triggered, the major non-recoverable fault state prevents normal device operation and may require extensive recovery procedures including firmware reinstallation or hardware replacement. This represents a significant risk for industrial control systems where continuous operation is essential, as the time required to restore functionality can result in substantial production losses or safety hazards depending on the deployment environment.

Organizations deploying these controllers must implement immediate mitigations including network segmentation to limit access to critical system interfaces, deployment of intrusion detection systems to monitor for suspicious project file loading activities, and regular firmware updates from vendors when available. The ATT&CK framework's T1499.004 technique for "Network Denial of Service" applies directly to this vulnerability as it represents a remote exploitation vector that can cause system-wide service interruption through malformed input processing. Additionally, implementing strict access controls and network monitoring protocols will help detect potential exploitation attempts before they can successfully trigger the major non-recoverable fault condition.

Responsible

Rockwell

Reservation

10/21/2025

Disclosure

07/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!