CVE-2026-11317

Summary

A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to recover.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationCompactLogix, ControlLogixVersions prior to 34.016affected
Rockwell AutomationCompactLogix, ControlLogixVersions prior to 35.015affected
Rockwell AutomationCompactLogix, ControlLogixVersions prior to 36.012affected

Weaknesses

  • CWE-404: CWE-404: Improper Resource Shutdown or Release

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References