Detections
Analytics
Rockwell Automation ControlLogix 5580 NULL Pointer Dereference (CVE-2025-9166)
high Tenable OT Security Plugin ID 503353
Synopsis
The remote OT asset is affected by a vulnerability.Description
A denial-of-service security issue exists in the affected product and version.The security issue stems from the controller repeatedly attempting to forward messages.
The issue could result in a major nonrecoverable fault on the controller.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Rockwell Automation recommends users to update to version 35.014 or later if possible.
If users of the affected software are unable to upgrade the version, security best practices should be applied.
For more information about this issue, please see the advisory on the Rockwell Automation security page.
See Also
http://www.nessus.org/u?d21b1d15
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-07
Plugin Details
Severity: High
ID: 503353
Version: 1.1
Type: remote
Family: Tenable.ot
Published: 10/3/2025
Updated: 10/3/2025
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v3
Risk Factor: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Information
CPE: cpe:/o:rockwellautomation:compactlogix_5380_firmware
Required KB Items: Tenable.ot/Rockwell
Exploit Ease: No known exploits are available
Patch Publication Date: 9/9/2025
Vulnerability Publication Date: 9/9/2025
Reference Information
CVE: CVE-2025-9166
CWE: 476
ICSA: 25-252-07