CVE-2026-11317
View CSAF Summary Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF). The following versions of Rockwell ...
Affects 0 products across 1 vendor.
Multiple Rockwell Automation Logix controllers (CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5570) are vulnerable to a denial-of-service attack via malformed or crafted CIP (Common Industrial Protocol) messages. A remote attacker with network access to the controller can trigger a Major Non-Recoverable Fault (MNRF), forcing the controller into a faulted state and halting industrial process execution. In OT environments, this represents a critical safety and availability risk as MNRF conditions typically require physical intervention to recover and can cause uncontrolled process shutdowns.
Is this CVE in your environment?
BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.
Check My Environment →What is CVE-2026-11317?
Is CVE-2026-11317 actively exploited?
How do I remediate CVE-2026-11317?
What systems are affected by CVE-2026-11317?
| CVE ID | CVE-2026-11317 |
|---|---|
| Published | 2026-06-16 |
| Last Modified | 2026-06-16 |
| ICS Relevance | 65% |
| Weakness (CWE) | |
| Source | NVD |
View CSAF Summary Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF). The following versions of Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP are affected: CompactLogix 5370 <=34.016 (CVE-2026-11317) Compact GuardLogix 5370 <=35.015 (CVE-2026-11317) ControlLogix 5570 <=35.015 (CVE-2026-11317) GuardLogix 5570 36.012 (CVE-2026-11317) CVSS Vendor Equipment Vulnerab
Source: NIST NVD / MITRE CVE Database
| Vendor | Product | Fixed Version |
|---|---|---|
| Rockwell Automation | — | — |
Fixed Version: CompactLogix 5370: >34.016; Compact GuardLogix 5370: >35.015; ControlLogix 5570: >35.015; GuardLogix 5570: >36.012
Firmware updates for the affected Logix controller families address the CIP message handling flaw that allowed crafted packets to trigger a Major Non-Recoverable Fault; customers should apply the latest available firmware revision via Rockwell's FactoryTalk Update Manager or manual firmware download through the Product Compatibility and Download Center (PCDC).
View Vendor Advisory →| CISA KEV | Not in KEV catalog |
|---|---|
| Public Exploit | Not confirmed |
| PoC Code | Not confirmed |
Deploy the Suricata or Snort rule on an industrial IDS/IPS placed inline or on a SPAN port at the network boundary of the OT zone containing the affected Logix controllers. Additionally, configure perimeter firewall ACLs to whitelist only known engineering workstation and HMI IP addresses for TCP/44818 (EtherNet/IP) and UDP/2222 (implicit I/O) to the affected controller IP addresses. Block all inbound CIP traffic from IT networks and the internet unconditionally.
No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.
Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.
ICS/OT Vulnerability Intelligence for Your Environment
BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.
Join free →