Skip to main content

Rockwell CompactLogix/ControlLogix EUVDEUVD-2026-37112

| CVE-2026-11317 HIGH
Improper Resource Shutdown or Release (CWE-404)
2026-06-16 Rockwell GHSA-mc6f-7cr6-6cwg
8.7
CVSS 4.0 · Vendor: Rockwell
Share

Severity by source

Vendor (Rockwell) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Single crafted CIP packet over the network with no auth or UI causes an unrecoverable controller crash - availability-only impact, hence A:H and C:N/I:N.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Rockwell).

CVSS VectorVendor: Rockwell

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 15:24 vuln.today

DescriptionCVE.org

A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to recover.

AnalysisAI

Remote denial of service in Rockwell Automation CompactLogix and ControlLogix programmable automation controllers allows unauthenticated attackers on the network to crash the device by sending a single crafted Common Industrial Protocol (CIP) message. The fault produces a Major Non-Recoverable Fault (MNRF) that requires a full program download to recover, meaning an outage continues until an engineer physically intervenes. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 8.7 and OT impact make this a priority patch for affected plant floors.

Technical ContextAI

CompactLogix and ControlLogix are Rockwell Automation's flagship Allen-Bradley PAC/PLC families used to control industrial processes; both speak the Common Industrial Protocol (CIP) carried over EtherNet/IP (TCP/UDP 44818, UDP 2222). CWE-404 (Improper Resource Shutdown or Release) indicates the controller firmware fails to cleanly release or bound a resource while parsing or dispatching a malformed CIP message, exhausting memory or corrupting state on the controller's real-time OS. Rockwell explicitly notes that controllers with less RAM are more susceptible, which is consistent with a resource-exhaustion or out-of-memory crash path rather than a deterministic logic bug. The MNRF outcome is the controller's safety state when the kernel detects unrecoverable inconsistency, and clearing it requires re-downloading the user program from Studio 5000 - an inherently disruptive recovery on a production line.

RemediationAI

Patch available per vendor advisory - consult Rockwell SD1772 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1772.html) for the fixed firmware revisions corresponding to each CompactLogix and ControlLogix catalog number and schedule an upgrade window, since firmware updates require the controller to be placed in Program mode. Where immediate patching is not feasible, restrict CIP/EtherNet/IP traffic (TCP/UDP 44818, UDP 2222) to known engineering workstations and HMIs using an industrial firewall or the controller's built-in CIP Security if licensed, accepting the trade-off that legitimate engineering tools outside the allowlist will lose connectivity. Enforce Purdue-model segmentation so that CompactLogix and ControlLogix devices are not reachable from the enterprise network or the internet, and disable any unused EtherNet/IP-facing modules. Treat Shodan-exposed controllers as an emergency: they should be removed from the public internet before any other mitigation, since a single packet causes an MNRF requiring on-site program download to restore.

Share

EUVD-2026-37112 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy