Jessica Entwistle
July 17 2026
CISA has published advisories for multiple vulnerabilities affecting Rockwell Automation CompactLogix, ControlLogix, Compact GuardLogix and GuardLogix controllers. CISA reports that successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, potentially disrupting industrial control systems and operational technology environments. The affected products include CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570 and GuardLogix 5570 controllers running firmware versions up to and including V35.015. Rockwell Automation has released updated firmware versions to address the vulnerabilities and recommends that users update to the latest versions as soon as operationally feasible. The vulnerabilities are tracked as CVE-2025-12011, CVE-2025-12012 and CVE-2025-11698, and affect widely deployed industrial controllers used in manufacturing, utilities, critical infrastructure and other operational technology environments.
Operational technology environments present unique challenges when it comes to patching and vulnerability management, as many systems cannot be taken offline without affecting production, safety or critical infrastructure operations. However, denial-of-service vulnerabilities in industrial controllers can have significant operational and safety implications, particularly in manufacturing, utilities, critical infrastructure and other sectors where uptime and reliability are essential. For UK businesses operating OT environments, this advisory is a reminder of the importance of maintaining visibility into the firmware versions running on industrial control systems, understanding the patching and update processes for those systems, and ensuring that security updates are applied in a planned and controlled manner. It also highlights the value of network segmentation, monitoring and access control in OT environments, where technical vulnerabilities may remain unpatched for longer periods than in traditional IT environments. The fact that these vulnerabilities could lead to denial-of-service conditions means that organisations need to consider both the cybersecurity risk and the operational risk of exploitation, and balance the need for patching with the need to maintain operational continuity.
Review whether you have visibility into the firmware versions running on your industrial controllers, and whether you have a process in place for applying security updates in a way that balances operational continuity with risk management. Consider whether your OT networks are segmented from corporate IT, whether you have monitoring in place for unusual activity, and whether your incident response plans account for the unique challenges of responding to incidents in operational technology environments. Evaluate whether you have a clear understanding of which systems are critical to production and safety, and whether you have backup or redundancy in place to manage the risk of denial-of-service conditions. This is also a prompt to review whether your organisation has clear ownership and accountability for OT security, and whether your IT and OT teams are working together to manage risk across both environments. Finally, consider whether you have a relationship with your OT equipment vendors and whether you are receiving timely security advisories and support for patching and updating your systems.
Source: CISA