IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Rockwell Automation 1756-EN2, 1756-EN3, and 1756-ENBT

HIGH
CVSS 7.5
Date 2026-07-16T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2026-9653 7.5 high
A denial-of-service security issue exists across all the 1756-EN2, EN3, and ENBT communication module due to improper validation of CIP Implicit Connection packets. An attacker on the network can exploit this by sending crafted packets to continuously disrupt device connections, though device connections will recover immediately after.

// Remediations (3)

Patch: 1756-EN2: Update to V12.002
1756-EN2: Update to V12.002
Patch: Rockwell Automation recommends users take the following actions: 1756-EN3: Update to V12.002
Rockwell Automation recommends users take the following actions: 1756-EN3: Update to V12.002
Patch: 1756-ENBT: Product is discontinued, fix is unavailable
1756-ENBT: Product is discontinued, fix is unavailable

// References