CVE-2025-11694
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. The following versions of Rockwell Automation CompactLogix are aff...
Affects 0 products across 1 vendor.
Rockwell Automation CompactLogix 5370 L1, L2, and L3 PLCs are affected by vulnerabilities involving improper validation of integrity check values and exposure of sensitive system information to unauthorized parties. A remote attacker can exploit these flaws to cause a denial-of-service condition, potentially disrupting critical industrial control operations. Given the widespread deployment of CompactLogix controllers in manufacturing, energy, and critical infrastructure environments, successful exploitation could result in unplanned process shutdowns or loss of view/control.
Is this CVE in your environment?
BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.
Check My Environment →What is CVE-2025-11694?
Is CVE-2025-11694 actively exploited?
How do I remediate CVE-2025-11694?
What systems are affected by CVE-2025-11694?
| CVE ID | CVE-2025-11694 |
|---|---|
| Published | 2026-06-16 |
| Last Modified | 2026-06-16 |
| ICS Relevance | 65% |
| Weakness (CWE) | |
| Source | NVD |
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. The following versions of Rockwell Automation CompactLogix are affected: CompactLogix 5370 L1 CompactLogix 5370 L2 CompactLogix 5370 L3 CVSS Vendor Equipment Vulnerabilities v3 7.5 Rockwell Automation Rockwell Automation CompactLogix Improper Validation of Integrity Check Value, Exposure of Sensitive System Information to an Unauthorized Control Sphere Background Cri
Source: NIST NVD / MITRE CVE Database
| Vendor | Product | Fixed Version |
|---|---|---|
| Rockwell Automation | — | — |
Vendor patch details and fixed firmware version not yet publicly disclosed at time of analysis. Monitor Rockwell Automation Product Security Advisory portal and CISA ICS-CERT advisories for firmware updates addressing the improper integrity check validation and information exposure issues.
View Vendor Advisory →| CISA KEV | Not in KEV catalog |
|---|---|
| Public Exploit | Not confirmed |
| PoC Code | Not confirmed |
Deploy rules on OT-segment firewalls and IDS sensors monitoring EtherNet/IP traffic (UDP/TCP port 44818 and TCP port 2222 for CIP). Block all CIP/EtherNet/IP traffic originating from untrusted network zones (IT network, internet-facing segments) to CompactLogix controllers. Enforce allowlisting of source IPs permitted to communicate with controllers. Deploy inline IPS at OT DMZ boundary with rate-limiting on CIP session establishment packets.
No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.
Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.
ICS/OT Vulnerability Intelligence for Your Environment
BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.
Join free →