8.7

CVE-2026-11317

Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP

A denial of service security issue exists in the
affected product. The security issue stems from a fault occurring when a
crafted CIP message is sent. Devices with less memory are more likely to be
affected. This can result in a major nonrecoverable fault (MNRF). A program
download is required to recover.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRockwell Automation
Produkt CompactLogix, ControlLogix
Default Statusaffected
Version Versions prior to 34.016
Status affected
Version Versions prior to 35.015
Status affected
Version Versions prior to 36.012
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.216
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
PSIRT@rockwellautomation.com 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1772.html