CVE-2026-9636
Awaiting Analysis
Awaiting Analysis - Queue
CIP Security Certificate Bypass in CompactLogix 5380
Vulnerability report for CVE-2026-9636, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-14
Last updated on: 2026-07-14
Assigner: Rockwell Automation
Description
Description
A security issue exists within CompactLogix® 5380, ControlLogix® 5580, and EN4 communication modules related to CIP Security certificate revocation handling. The security issue stems from the controller failing to properly reject certificates signed by an intermediate certificate that has been revoked via a Certificate Revocation List (CRL). This could allow a network-based attacker to establish a connection using a certificate that should be untrusted, potentially bypassing CIP Security protections.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockwell_automation | controllogix_5580 | From 36 (inc) to 37 (inc) |
| rockwell_automation | compactlogix_5380 | From 36 (inc) to 37 (inc) |
| rockwell_automation | guardlogix_5580 | From 36 (inc) to 37 (inc) |
| rockwell_automation | compact_guardlogix_5380 | From 36 (inc) to 37 (inc) |
| rockwell_automation | 1756-en4 | From 6.001 (inc) to 8.001 (inc) |
| rockwell_automation | 1756-en4tr | From 6.001 (inc) to 7.001 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-299 | The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised. |