Description
A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.
Published: 2026-06-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in CompactLogix 5370 controllers permits exploitation due to missing validation of sequence numbers and source IP addresses in the CIP protocol. The exposed Connection IDs on the controller’s web interface can be abused by an adversary to cause a denial‑of‑service condition, resulting in a minor fault. This weakness aligns with CWE‑354, which focuses on improper input validation leading to unintended behavior.

Affected Systems

Rockwell Automation CompactLogix 5370 controllers, specifically the 1769 model. Version information indicates that the issue is present before the V38.011 firmware release. Update to V38.011 to remediate the vulnerability.

Risk and Exploitability

The CVSS score of 8.7 categorizes this as a high‑severity vulnerability. The EPSS score of less than 1 % indicates a low exploitation probability under current conditions, and the vulnerability is not listed in the CISA KEV catalog. However, because the flaw is network‑exposed and exploits a discovered Connection ID, the likely attack vector is remote exploitation via the CIP protocol or web interface. Successful exploitation results in a denial‑of‑service that can affect availability of the controller and any processes relying on it.

Generated by OpenCVE AI on June 17, 2026 at 21:36 UTC.

Remediation

Vendor Solution

V38.011 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx

OpenCVE Recommended Actions

  • Upgrade the controller firmware to version V38.011 as provided by Rockwell Automation.
  • Restrict network access to the controller’s web interface to trusted IPs or subnet ranges and enforce strong authentication to limit the exposure of Connection IDs.
  • Implement monitoring for abnormal connection attempts or repeated minor faults, and configure alerts to detect potential abuse of the CIP protocol.

Generated by OpenCVE AI on June 17, 2026 at 21:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation compactlogix 5370
Vendors & Products Rockwellautomation
Rockwellautomation compactlogix 5370

Tue, 16 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 16 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.
Title Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities
Weaknesses CWE-354
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Rockwellautomation Compactlogix 5370
cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published:

Updated: 2026-06-16T17:48:53.691Z

Reserved: 2025-10-13T15:55:35.637Z

Link: CVE-2025-11694

cve-icon Vulnrichment

Updated: 2026-06-16T15:21:32.309Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T15:16:32.693

Modified: 2026-06-16T15:26:04.250

Link: CVE-2025-11694

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T16:30:16Z

Weaknesses
  • CWE-354

    Improper Validation of Integrity Check Value