CVE 8.7 HIGH

Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP_CVE-2026-11317

June 16, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

A denial of service security issue exists in the
affected product. The security issue stems from a fault occurring when a
crafted CIP message is sent. Devices with less memory are more likely to be
affected. This can result in a major nonrecoverable fault (MNRF). A program
download is required to recover.

AI Analysis

Denial of service vulnerability via crafted CIP message

Basic Information

ID CVE-2026-11317

Source Rockwell

Published Jun 16, 2026 at 13:10

Affected Product

Vendor Rockwell Automation

Product CompactLogix, ControlLogix

Version Versions prior to 34.016, 35.015, 36.012

Affected Versions Rockwell Automation CompactLogix, ControlLogix Versions prior to 34.016
Rockwell Automation CompactLogix, ControlLogix Versions prior to 35.015
Rockwell Automation CompactLogix, ControlLogix Versions prior to 36.012

CWE Classification

CWE-404

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Rockwell Automation

Product CompactLogix, ControlLogix

Version Versions prior to 34.016, 35.015, 36.012

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1772.html

{
    "lastseen": "",
    "description": "A denial of service security issue exists in the\naffected product. The security issue stems from a fault occurring when a\ncrafted CIP message is sent. Devices with less memory are more likely to be\naffected. This can result in a major nonrecoverable fault (MNRF). A program\ndownload is required to recover.",
    "published": "2026-06-16T13:10:19.255Z",
    "modified": "2026-06-16T13:10:19.255Z",
    "type": "cve",
    "title": "Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1772.html",
    "id": "CVE-2026-11317",
    "bulletinFamily": "",
    "cwe": [
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation CompactLogix, ControlLogix Versions prior to 34.016\nRockwell Automation CompactLogix, ControlLogix Versions prior to 35.015\nRockwell Automation CompactLogix, ControlLogix Versions prior to 36.012",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CompactLogix, ControlLogix",
    "version": "Versions prior to 34.016, 35.015, 36.012",
    "vendor": "Rockwell Automation",
    "ai_description": "Denial of service vulnerability via crafted CIP message",
    "ai_severity": "High",
    "ai_vendor": "Rockwell Automation",
    "ai_product": "CompactLogix, ControlLogix",
    "ai_version": "Versions prior to 34.016, 35.015, 36.012",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply