Rockwell Automation CompactLogix

Summary

Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.

The following versions of Rockwell Automation CompactLogix are affected:

CompactLogix 5370 L1
CompactLogix 5370 L2
CompactLogix 5370 L3

CVSS	Vendor	Equipment	Vulnerabilities
v3 7.5	Rockwell Automation	Rockwell Automation CompactLogix	Improper Validation of Integrity Check Value, Exposure of Sensitive System Information to an Unauthorized Control Sphere

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States

Vulnerabilities

Expand All +

CVE-2025-11694

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.

View CVE Details

Affected Products

Rockwell Automation CompactLogix

Vendor:
Rockwell Automation

Product Version:
Rockwell Automation CompactLogix 5370 L1: <V38.011, Rockwell Automation CompactLogix 5370 L2: <V38.011, Rockwell Automation CompactLogix 5370 L3: <V38.011

Product Status:
known_affected

Remediations

Mitigation
Rockwell Automation recommends users update to V38.011 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112&mode=3&refSoft=1&versions=55023,55024,55025,55026,55027,55061
https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112&mode=3&refSoft=1&versions=55023,55024,55025,55026,55027,55061

Mitigation
For more information, please visit Rockwell Automations SD1776 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html

Relevant CWE: CWE-354 Improper Validation of Integrity Check Value

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0	8.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVE-2026-9307

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller’s web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.

View CVE Details

Affected Products

Rockwell Au

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Rockwell Automation CompactLogix

Rockwell Automation CompactLogix

Summary

Background

Vulnerabilities

CVE-2025-11694

Affected Products

Rockwell Automation CompactLogix

Remediations

Metrics

CVE-2026-9307

Affected Products

Rockwell Au

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Rockwell Automation CompactLogix

Read the original article:

Like this:

Related

Summary

Background

Vulnerabilities

CVE-2025-11694

Affected Products

Rockwell Automation CompactLogix

Remediations

Metrics

CVE-2026-9307

Affected Products

Rockwell Au […]Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from All CISA Advisories Read the original article: Rockwell Automation CompactLogix

Read the original article:

Share this:

Like this:

Related

Post navigation

Rockwell Au

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Rockwell Automation CompactLogix