IronMonkey Threat Research

Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP

HIGH
CVSS 7.5
Date 2026-06-16T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF).

// Vulnerabilities (1)

CVE ID | CVSS Score | Severity | Description
CVE-2026-11317 | 7.5 | high | A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to recover.

// Affected Products (2)

Vendor | Product | Asset Type | Purdue Level | Firmware
Rockwell Automation | Unknown | plc | L1 | Firmware__20.011
Rockwell Automation | Unknown | plc | L1 | 20-33

// Remediations (5)

Patch: ControlLogix 5570: Versions 36.012 and later
Patch: Rockwell Automation recommends that users update to the following versions: CompactLogix 5370: Versions 34.016 and later
Mitigation: For more information, see Rockwell Automation Security Advisory SD1772 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1772.html)
Patch: GuardLogix 5570: Versions 37.011 and later
Patch: Compact GuardLogix 5370: Versions 35.015 and later

// References