EUVD-2020-28138

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Connection algorithm in Rockwell Automation devices can cause denial-of-service via infinite loop.

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of microprogrammed software in programmable logic controllers such as CompactLogix 5370 L1, CompactLogix 5370 L2, CompactLogix 5370 L3, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5370, related to the execution of a loop with an unavailable exit condition, allows a intruder to cause a service failure.	30 Mar 202100:00	–	bdu_fstec
Circl	CVE-2020-6998	28 Jul 202200:36	–	circl
CNNVD	Rockwell Automation CompactLogix 5370 输入验证错误漏洞	2 Mar 202100:00	–	cnnvd
CVE	CVE-2020-6998	27 Jul 202220:18	–	cve
Cvelist	CVE-2020-6998 Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation	27 Jul 202220:18	–	cvelist
ICS	Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers (Update A)	2 Mar 202100:00	–	ics
NVD	CVE-2020-6998	27 Jul 202221:15	–	nvd
OSV	CVE-2020-6998	27 Jul 202221:15	–	osv
Prion	Buffer overflow	27 Jul 202221:15	–	prion
Positive Technologies	PT-2021-2365 · Rockwell Automation · Guardlogix 5370 +7	2 Mar 202100:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "788b8aec-b0fa-33a1-974e-e0436d9d64d3",
        "vendor": {
          "name": "Rockwell Automation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0253128a-19fe-3646-813f-259e9ea0a5d8",
        "product": {
          "name": "CompactLogix 5370 L2 controllers"
        },
        "product_version": "unspecified ≤versions 33 and prior"
      },
      {
        "id": "0e62e616-c2d4-3339-b254-7f45165c74ac",
        "product": {
          "name": "CompactLogix 5370 L1 controllers"
        },
        "product_version": "unspecified ≤versions 33 and prior"
      },
      {
        "id": "16d2ee4a-42db-3e69-84d8-cebcb7a23e4f",
        "product": {
          "name": "CompactLogix 5370 L3 controllers"
        },
        "product_version": "unspecified ≤versions 33 and prior"
      },
      {
        "id": "2929fc25-8be3-340f-89b3-dd7cb9549a67",
        "product": {
          "name": "ControlLogix 5570 controllers"
        },
        "product_version": "unspecified ≤versions 33 and prior"
      },
      {
        "id": "5e09f105-af71-3646-87e1-5754badd6ec9",
        "product": {
          "name": "Compact GuardLogix 5370 controllers"
        },
        "product_version": "unspecified ≤versions 33 and prior"
      },
      {
        "id": "78427423-f81a-3a67-a247-41d7d823067d",
        "product": {
          "name": "Armor GuardLogix Safety Controllers"
        },
        "product_version": "unspecified ≤versions 33 and prior"
      },
      {
        "id": "d65a9506-3975-3af3-9104-9706f6e1f7d0",
        "product": {
          "name": "Armor Compact GuardLogix 5370 controllers"
        },
        "product_version": "unspecified ≤versions 33 and prior"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/uscert/ics/advisories/icsa-21-061-02
rockwellautomation	www.rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

8.4High risk

Vulners AI Score8.4

CVSS 3.15.8 - 8.6

EPSS0.0174

SSVC