PatchSiren cyber security CVE debrief
CVE-2026-11317 Rockwell Automation CVE debrief
A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to recover.
- Vendor: Rockwell Automation
- Product: CompactLogix, ControlLogix
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-16
Who should care
Users of the affected CompactLogix and ControlLogix products, particularly those running devices with limited memory, should be aware of this vulnerability, as it can lead to a major nonrecoverable fault (MNRF).
Technical summary
The vulnerability is caused by a fault that occurs when a crafted CIP message is sent to the affected product. This can result in a denial of service and requires a program download to recover.
Defensive priority
HIGH
Recommended defensive actions
- Users should apply the necessary patches or updates provided by the vendor to mitigate this vulnerability.
- Implement network segmentation and access controls to limit the attack surface.
- Monitor network traffic for suspicious activity.
Evidence notes
The CVE-2026-11317 record indicates a CVSS score of 8.7 and a HIGH severity level. The vulnerability is related to CWE-404.
Official resources
- CVE-2026-11317 CVE record (CVE.org)
- CVE-2026-11317 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-11317 was published on 2026-06-16T15:16:34.607Z and modified on 2026-06-16T15:26:04.250Z.