Certificate Revocation Flaw in CompactLogix and ControlLogix Products by Rockwell Automation
CVE-2026-9636

8.2HIGH

What is CVE-2026-9636?

A security vulnerability has emerged within Rockwell Automation's CompactLogix® 5380 and ControlLogix® 5580 controllers, including EN4 communication modules, which relates to the handling of Certificate Revocation Lists (CRLs). Specifically, the controllers fail to correctly reject certificates signed by an intermediate authority that has been revoked. This flaw could permit a malicious actor to connect to the network using an unauthorized and untrusted certificate, undermining CIP Security safeguards and exposing the system to potential exploitation. Organizations utilizing these systems should take immediate precautions to mitigate risks associated with this vulnerability.

Affected Version(s)

ControlLogix® 5580, CompactLogix® 5380, GuardLogix® 5580, Compact GuardLogix® 5380, 1756-EN4TR Version 36 - Version 37

References

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.