PatchSiren cyber security CVE debrief
CVE-2025-11694 Rockwell Automation CVE debrief
CVE-2025-11694 is a HIGH severity vulnerability with a CVSS score of 8.7. The vulnerability exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows an attacker to abuse the exposed Connection ID's visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.
- Vendor
- Rockwell Automation
- Product
- CompactLogix 5370
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Administrators and users of 1769 CompactLogix controllers should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows an attacker to perform denial-of-service attacks.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates from the vendor as soon as they are available.
- Restrict access to the web interface of the 1769 CompactLogix controllers.
- Monitor the system for any suspicious activity.
Evidence notes
The vendor is Rockwell Automation, as indicated by the evidence in the vendor section.
Official resources
-
CVE-2025-11694 CVE record
CVE.org
-
CVE-2025-11694 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-11694 was published on 2026-06-16T15:16:32.693Z and modified on 2026-06-16T15:26:04.250Z.