CVE-2026-11317
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service in Rockwell Automation Product via Crafted CIP Message

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Rockwell Automation

Description
A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to recover.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-06-16
EPSS Evaluated
N/A
NVD
CVE-2026-11317
EUVD
EUVD-2026-37112
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
rockwell_automation logix_5370 to 34.016 (exc)
rockwell_automation logix_5570 to 34.016 (exc)
rockwell_automation compactlogix to 34.016 (exc)
rockwell_automation compact_guardlogix to 34.016 (exc)
rockwell_automation controllogix to 34.016 (exc)
rockwell_automation guardlogix to 34.016 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-11317 is a high-severity denial-of-service (DoS) vulnerability affecting Rockwell Automation's Logix 5370 and 5570 controllers, including CompactLogix, Compact GuardLogix, ControlLogix, and GuardLogix models.

The vulnerability is triggered by sending a specially crafted Common Industrial Protocol (CIP) message to the affected devices.

This causes a major nonrecoverable fault (MNRF), especially in devices with limited memory, which requires a program download to recover.

The root cause is improper resource shutdown or release (CWE-404).

Impact Analysis

This vulnerability can cause affected devices to experience a major nonrecoverable fault (MNRF), effectively causing a denial of service.

Devices with less memory are more susceptible to this fault.

When triggered, the device will stop functioning properly and require a program download to recover, potentially causing downtime and disruption in industrial control systems.

Detection Guidance

This vulnerability is triggered by a crafted Common Industrial Protocol (CIP) message causing a denial-of-service condition resulting in a major nonrecoverable fault (MNRF) on affected devices.

There are no specific detection commands or network signatures provided in the available information to identify this vulnerability on your network or system.

Monitoring for unexpected device faults or crashes, especially on Rockwell Automation Logix 5370, 5570, CompactLogix, Compact GuardLogix, ControlLogix, and GuardLogix controllers running vulnerable firmware versions, may help identify if the issue is occurring.

Mitigation Strategies

The primary mitigation step is to upgrade the affected devices to the corrected firmware versions: 34.016, 35.015, 36.012, or 37.011 or later.

No official workaround is provided for this vulnerability.

For customers unable to upgrade immediately, it is recommended to follow security best practices to reduce exposure, such as restricting network access to the affected devices and monitoring for unusual activity.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11317. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart