Skip to main content

1756-EN2/ENBT Modules CVE-2026-9653

| EUVDEUVD-2026-43695 HIGH
Improper Validation of Integrity Check Value (CWE-354)
2026-07-14 Rockwell GHSA-w8xr-7458-qr4m
8.7
CVSS 4.0 · Vendor: Rockwell
Share

Severity by source

Vendor (Rockwell) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Remote, unauthenticated, low-complexity CIP packet triggers availability-only impact (A:H); no confidentiality or integrity effect, though disruption is transient and self-recovering.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Rockwell).

CVSS VectorVendor: Rockwell

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 15:35 vuln.today
CVE Published
Jul 14, 2026 - 15:00 cve.org
HIGH 8.7

DescriptionCVE.org

A denial-of-service security issue exists across all the 1756-EN2, EN3, and ENBT communication module due to improper validation of CIP Implicit Connection packets. An attacker on the network can exploit this by sending crafted packets to continuously disrupt device connections, though device connections will recover immediately after.

AnalysisAI

Denial-of-service in Rockwell Automation 1756-EN2, 1756-EN3, and 1756-ENBT ControlLogix EtherNet/IP communication modules lets an unauthenticated network attacker drop active device connections by sending malformed CIP Implicit (I/O) Connection packets. Because CVSS 4.0 rates only availability impact (VC:N/VI:N/VA:H) and connections recover immediately once the traffic stops, the flaw enables repeatable disruption rather than persistent outage or code execution. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain access to OT/control network
Delivery
Craft malicious CIP Implicit Connection packets
Exploit
Send to 1756-EN2/EN3/ENBT module
Execution
Integrity validation fails, connections drop
Impact
Sustain traffic to continuously disrupt I/O

Vulnerability AssessmentAI

Exploitation Exploitation requires network-layer reachability to the module's EtherNet/IP/CIP interface and the ability to send crafted CIP Implicit (connected I/O) Connection packets; no authentication, credentials, or user interaction are needed (PR:N/UI:N/AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 base score is 8.7 (High), driven entirely by high availability impact (VA:H) with a fully remote, low-complexity, unauthenticated vector (AV:N/AC:L/PR:N/UI:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with access to the industrial network (for example, via a compromised HMI, engineering workstation, or an exposed control segment) sends a stream of crafted CIP Implicit Connection packets to a 1756-EN2/EN3/ENBT module. The malformed packets fail integrity handling and cause active I/O connections to drop, disrupting real-time communication between the controller and downstream devices for as long as the attacker sustains the traffic. …
Remediation Patch available per vendor advisory: consult Rockwell Automation Security Advisory SD1780 at https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1780.html for the corrected firmware revision, as no exact fix version is included in the provided data - apply the vendor-specified firmware update to the 1756-EN2, 1756-EN3, and 1756-ENBT modules. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all ControlLogix modules 1756-EN2, 1756-EN3, and 1756-ENBT in your environment and assess their operational criticality; implement firewall rules to restrict CIP traffic to these modules from untrusted network sources. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9653 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy