CVE-2025-11698: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Rockwell Automation CompactLogix® 5380 Recovery Image Compact GuardLogix® 5380 Recovery Image CompactLogix® 5480 Recovery Image ControlLogix® 5580 Recovery Image GuardLogix® 5580 Recovery Image
A critical buffer overflow vulnerability (CVE-2025-11698) affects Rockwell Automation 5380, 5480, and 5580 series controllers with boot firmware versions lower than 1.072. This flaw allows a malicious user to write invalid file data to the controller, causing it to enter a major non-recoverable fault (MNRF), resulting in denial of service. The vulnerability is due to improper size checking during buffer copy operations in the boot firmware. No official patch or remediation guidance is currently provided by the vendor.
AI Analysis
Technical Summary
CVE-2025-11698 is a classic buffer overflow vulnerability (CWE-120) in the boot firmware of Rockwell Automation CompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580, and GuardLogix 5580 controllers. The issue exists in firmware versions prior to 1.072 and allows an unauthenticated attacker to write invalid file data to the device. This can cause the controller to enter a major non-recoverable fault state, effectively causing a denial-of-service condition. The vulnerability has a CVSS 4.0 base score of 9.2, indicating critical severity. No known exploits are reported in the wild, and no vendor advisory or patch information is currently available.
Potential Impact
Successful exploitation results in a denial-of-service condition where the affected controller enters a major non-recoverable fault (MNRF) state, disrupting normal operation. This can impact industrial control systems relying on these controllers, potentially causing operational downtime.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected controllers and validate any input data to the device where possible to prevent injection of invalid file data. Monitor vendor communications for updates on patches or mitigations.
CVE-2025-11698: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Rockwell Automation CompactLogix® 5380 Recovery Image Compact GuardLogix® 5380 Recovery Image CompactLogix® 5480 Recovery Image ControlLogix® 5580 Recovery Image GuardLogix® 5580 Recovery Image
Description
A critical buffer overflow vulnerability (CVE-2025-11698) affects Rockwell Automation 5380, 5480, and 5580 series controllers with boot firmware versions lower than 1.072. This flaw allows a malicious user to write invalid file data to the controller, causing it to enter a major non-recoverable fault (MNRF), resulting in denial of service. The vulnerability is due to improper size checking during buffer copy operations in the boot firmware. No official patch or remediation guidance is currently provided by the vendor.
CVSS v4.0
Score 9.2critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-11698 is a classic buffer overflow vulnerability (CWE-120) in the boot firmware of Rockwell Automation CompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580, and GuardLogix 5580 controllers. The issue exists in firmware versions prior to 1.072 and allows an unauthenticated attacker to write invalid file data to the device. This can cause the controller to enter a major non-recoverable fault state, effectively causing a denial-of-service condition. The vulnerability has a CVSS 4.0 base score of 9.2, indicating critical severity. No known exploits are reported in the wild, and no vendor advisory or patch information is currently available.
Potential Impact
Successful exploitation results in a denial-of-service condition where the affected controller enters a major non-recoverable fault (MNRF) state, disrupting normal operation. This can impact industrial control systems relying on these controllers, potentially causing operational downtime.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected controllers and validate any input data to the device where possible to prevent injection of invalid file data. Monitor vendor communications for updates on patches or mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Rockwell
- Date Reserved
- 2025-10-13T16:23:13.209Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a565a3968715ace43c7b59c
Added to database: 07/14/2026, 15:48:09 UTC
Last enriched: 07/14/2026, 16:19:37 UTC
Last updated: 07/14/2026, 20:34:19 UTC
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.