Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

compactlogix

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

7
Related CVEsRelated VendorsRelated AssignersReports
8Vulnerabilities found
CVE-2024-5659
Assigner-Rockwell Automation
ShareView Details
Assigner-Rockwell Automation
CVSS Score-8.3||HIGH
EPSS-0.31% / 22.71%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 16:42
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-CompactLogix 5380Compact GuardLogix 53801756-EN4ControlLogix® 5580GuardLogix 5580CompactLogix 5480controllogix_55801756_en4compact_guardlogix_5480compact_logix_5480guardlogix_5580compactlogix
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2012-6436
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-32.73% / 98.12%
||
7 Day CHG~0.00%
Published-24 Jan, 2013 | 21:00
Updated-03 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ControlLogix PLC Improper Input Validation

The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-guardlogix_controllersmicrologixsoftlogix_controllers1756-eweb1768-enbt1756-enbtflexlogix_1788-enbt_adaptercompactlogixcontrollogix_controllerssoftlogix1794-aentr_flex_i\/o_ethernet\/ip_adaptercompactlogix_controllerscompactlogix_l32e_controllercontrollogixguardlogixcompactlogix_l35e_controller1768-ewebControlLogix and GuardLogix controllersControlLogix, CompactLogix, GuardLogix, and SoftLogix1794-AENTR FLEX I/O EtherNet/IP adapterCompactLogix L32E and L35E controllers1788-ENBT FLEXLogix adapterCompactLogix and SoftLogix controllersMicroLogix1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-6437
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-9.58% / 94.85%
||
7 Day CHG~0.00%
Published-24 Jan, 2013 | 21:00
Updated-03 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ControlLogix PLC Improper Authentication

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-guardlogix_controllersmicrologixsoftlogix_controllers1756-eweb1768-enbt1756-enbtflexlogix_1788-enbt_adaptercompactlogixcontrollogix_controllerssoftlogix1794-aentr_flex_i\/o_ethernet\/ip_adaptercompactlogix_controllerscompactlogix_l32e_controllercontrollogixguardlogixcompactlogix_l35e_controller1768-ewebControlLogix and GuardLogix controllersControlLogix, CompactLogix, GuardLogix, and SoftLogix1794-AENTR FLEX I/O EtherNet/IP adapterCompactLogix L32E and L35E controllers1788-ENBT FLEXLogix adapterCompactLogix and SoftLogix controllersMicroLogix1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules
CWE ID-CWE-287
Improper Authentication
CVE-2012-6438
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-32.73% / 98.12%
||
7 Day CHG~0.00%
Published-24 Jan, 2013 | 21:00
Updated-03 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ControlLogix PLC Improper Input Validation

The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-guardlogix_controllersmicrologixsoftlogix_controllers1756-eweb1768-enbt1756-enbtflexlogix_1788-enbt_adaptercompactlogixcontrollogix_controllerssoftlogix1794-aentr_flex_i\/o_ethernet\/ip_adaptercompactlogix_controllerscompactlogix_l32e_controllercontrollogixguardlogixcompactlogix_l35e_controller1768-ewebControlLogix and GuardLogix controllersControlLogix, CompactLogix, GuardLogix, and SoftLogix1794-AENTR FLEX I/O EtherNet/IP adapterCompactLogix L32E and L35E controllers1788-ENBT FLEXLogix adapterCompactLogix and SoftLogix controllersMicroLogix1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-6435
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-41.89% / 98.51%
||
7 Day CHG~0.00%
Published-24 Jan, 2013 | 21:00
Updated-03 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ControlLogix PLC Improper Access Control

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-guardlogix_controllersmicrologixsoftlogix_controllers1756-eweb1768-enbt1756-enbtflexlogix_1788-enbt_adaptercompactlogixcontrollogix_controllerssoftlogix1794-aentr_flex_i\/o_ethernet\/ip_adaptercompactlogix_controllerscompactlogix_l32e_controllercontrollogixguardlogixcompactlogix_l35e_controller1768-ewebControlLogix and GuardLogix controllersControlLogix, CompactLogix, GuardLogix, and SoftLogix1794-AENTR FLEX I/O EtherNet/IP adapterCompactLogix L32E and L35E controllers1788-ENBT FLEXLogix adapterCompactLogix and SoftLogix controllersMicroLogix1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules
CWE ID-CWE-284
Improper Access Control
CVE-2012-6440
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.8||MEDIUM
EPSS-8.12% / 94.10%
||
7 Day CHG~0.00%
Published-24 Jan, 2013 | 21:00
Updated-03 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ControlLogix PLC Improper Input Validation

The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-guardlogix_controllersmicrologixsoftlogix_controllers1756-eweb1768-enbt1756-enbtflexlogix_1788-enbt_adaptercompactlogixcontrollogix_controllerssoftlogix1794-aentr_flex_i\/o_ethernet\/ip_adaptercompactlogix_controllerscompactlogix_l32e_controllercontrollogixguardlogixcompactlogix_l35e_controller1768-ewebControlLogix and GuardLogix controllersControlLogix, CompactLogix, GuardLogix, and SoftLogix1794-AENTR FLEX I/O EtherNet/IP adapterCompactLogix L32E and L35E controllers1788-ENBT FLEXLogix adapterCompactLogix and SoftLogix controllersMicroLogix1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules
CWE ID-CWE-287
Improper Authentication
CVE-2012-6441
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5||MEDIUM
EPSS-54.17% / 98.87%
||
7 Day CHG~0.00%
Published-24 Jan, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ControlLogix PLC Information Exposure

An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-compactlogix_l32e_controllersoftlogix1768-eweb1756-ewebcompactlogix1756-enbtcontrollogix_controllersmicrologixcompactlogix_controllers1768-enbtcompactlogix_l35e_controllersoftlogix_controllersflexlogix_1788-enbt_adapter1794-aentr_flex_i\/o_ethernet\/ip_adapterguardlogix_controllerscontrollogixguardlogix1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modulesCompactLogix and SoftLogix controllers1788-ENBT FLEXLogix adapterControlLogix and GuardLogix controllersControlLogix, CompactLogix, GuardLogix, and SoftLogixCompactLogix L32E and L35E controllers1794-AENTR FLEX I/O EtherNet/IP adapterMicroLogix
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-6439
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.5||HIGH
EPSS-28.35% / 97.87%
||
7 Day CHG~0.00%
Published-24 Jan, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ControlLogix PLC Improper Access Control

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.  Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-compactlogix_l32e_controllersoftlogix1768-eweb1756-ewebcompactlogix1756-enbtcontrollogix_controllersmicrologixcompactlogix_controllers1768-enbtcompactlogix_l35e_controllersoftlogix_controllersflexlogix_1788-enbt_adapter1794-aentr_flex_i\/o_ethernet\/ip_adapterguardlogix_controllerscontrollogixguardlogix1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modulesCompactLogix and SoftLogix controllers1788-ENBT FLEXLogix adapterControlLogix and GuardLogix controllersControlLogix, CompactLogix, GuardLogix, and SoftLogixCompactLogix L32E and L35E controllers1794-AENTR FLEX I/O EtherNet/IP adapterMicroLogix
CWE ID-CWE-284
Improper Access Control