CVE-2025-11694

Summary

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationCompactLogix 5370V36affected

Weaknesses

  • CWE-354: CWE-354 Improper validation of integrity check value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References