Summary
Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF).
The following versions of Rockwell Automation Logix 5370 and 5570 controllers are affected:
- CompactLogix 5370 <=34.016 (CVE-2026-11317)
- Compact GuardLogix 5370 <=35.015 (CVE-2026-11317)
- ControlLogix 5570 <=35.015 (CVE-2026-11317)
- GuardLogix 5570 36.012 (CVE-2026-11317)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 7.5 | Rockwell Automation | Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP | Improper Resource Shutdown or Release |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States
Vulnerabilities
CVE-2026-11317
A denial-of-service vulnerability exists in the affected products: a fault occurs when a crafted CIP message is sent to the controller. Devices with less memory are more likely to be affected. The result can be a major nonrecoverable fault (MNRF), and a program download is required to recover.
Affected Products
Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP (vendor: Rockwell Automation)
- Rockwell Automation CompactLogix 5370: <=34.016
- Rockwell Automation Compact GuardLogix 5370: <=35.015
- Rockwell Automation ControlLogix 5570: <=35.015
- Rockwell Automation GuardLogix 5570: 36.012
Remediations
Vendor fix: Rockwell Automation recommends that users update to the following versions:
- CompactLogix 5370: Versions 34.016 and later
- Compact GuardLogix 5370: Versions 35.015 and later
- ControlLogix 5570: Versions 36.012 and later
- GuardLogix 5570: Versions 37.011 and later
Mitigation
For more information, see Rockwell Automation Security Advisory SD1772 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1772.html)
Relevant CWE: CWE-404 Improper Resource Shutdown or Release
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Acknowledgments
- Rockwell Automation reported this vulnerability to CISA
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.
Minimize network exposure for all control system devices and/or s
[…]