CISA flags CVE-2026-11317 DoS in Rockwell Logix controllers
Network-accessible controllers carry the immediate risk because recovery can require a program download after a major nonrecoverable fault.
TL;DR
CISA disclosed CVE-2026-11317, a network-exploitable denial-of-service flaw in Rockwell Automation CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570 and GuardLogix 5570 controllers. Defense-industrial-base manufacturers and other critical manufacturing operators using affected Logix systems face downtime if exposed controllers are hit. CISA scores the flaw at CVSS 7.5 under v3.1 and 8.7 under v4.0, and says no known public exploitation has been reported.
CISA's June 16 advisory says CVE-2026-11317 is an Improper Resource Shutdown or Release flaw in Rockwell Automation Logix 5370 and 5570 controllers. A crafted Common Industrial Protocol message can force a denial-of-service condition and major nonrecoverable fault, with lower-memory devices more likely to fail; recovery requires a program download. The affected families include CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570 and GuardLogix 5570. Rockwell recommends updates to CompactLogix 5370 34.016 or later, Compact GuardLogix 5370 35.015 or later, ControlLogix 5570 36.012 or later, and GuardLogix 5570 37.011 or later. CISA also repeats the standard ICS controls: remove internet exposure, place controllers behind firewalls, separate control networks from business networks and treat VPN access as a maintained asset. CISA says no known public exploitation has been reported.
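An added example, not part of the advisory or of Rockwell's tooling: a triage of a controller inventory against the fixed revisions listed above, with network-reachable units ranked first. The inventory rows, asset names and the `reachable_from_business_net` column are constructed, and the check assumes revisions compare numerically as major.minor.

```python
import csv
import io

FIXED = {  # minimum fixed firmware per family, as listed in the text above
    "compactlogix 5370": (34, 16),
    "compact guardlogix 5370": (35, 15),
    "controllogix 5570": (36, 12),
    "guardlogix 5570": (37, 11),
}

# Constructed sample inventory (hypothetical asset names and column layout).
SAMPLE_INVENTORY = """asset,family,firmware,reachable_from_business_net
PLC-LINE1,CompactLogix 5370,33.011,yes
PLC-LINE2,ControlLogix 5570,36.012,no
SAFETY-A,GuardLogix 5570,37.010,no
PLC-PACK,Compact  GuardLogix 5370,v35.015,yes
PLC-OTHER,ExampleVendor PLC,1.002,yes
PLC-BAD,ControlLogix 5570,unknown,yes
"""

def parse_revision(text):
    """Parse 'major.minor' (optionally prefixed with 'v') into an int tuple, or None."""
    parts = text.strip().lower().lstrip("v").split(".")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        return None
    return int(parts[0]), int(parts[1])

def triage(inventory_csv):
    """Return (asset, status) pairs, most urgent first."""
    order = {"UPDATE-EXPOSED": 0, "UPDATE": 1, "VERIFY": 2, "FIXED": 3, "NOT-LISTED": 4}
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(" ".join(row["family"].lower().split()))
        rev = parse_revision(row["firmware"])
        if fixed is None:
            status = "NOT-LISTED"      # family not named in the text above
        elif rev is None:
            status = "VERIFY"          # unreadable revision: check on the device
        elif rev >= fixed:
            status = "FIXED"
        elif row["reachable_from_business_net"].strip().lower() == "yes":
            status = "UPDATE-EXPOSED"  # below fixed revision and network-reachable
        else:
            status = "UPDATE"
        results.append((row["asset"], status))
    return sorted(results, key=lambda r: order[r[1]])

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY):
        print(f"{status:15} {asset}")
```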
Published · Deep Fathom