CVE-2026-9653

Summary

A denial-of-service security issue exists across all the 1756-EN2, EN3, and ENBT communication module due to improper validation of CIP Implicit Connection packets. An attacker on the network can exploit this by sending crafted packets to continuously disrupt device connections, though device connections will recover immediately after.

Affected Software

VendorProductVersion RangeStatus
Rockwell Automation1756-EN2, 1756-EN312.001 and beforeaffected
Rockwell Automation1756-ENBT6.006affected

Weaknesses

  • CWE-354: CWE-354 Improper validation of integrity check value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References