Denial-of-Service Vulnerability in Rockwell Automation Communication Modules
CVE-2026-9653

8.7HIGH

What is CVE-2026-9653?

A security issue has been identified in Rockwell Automation’s 1756-EN2, EN3, and ENBT communication modules, resulting from improper validation of CIP Implicit Connection packets. This vulnerability could allow an attacker on the same network to send specially crafted packets, which may disrupt device connections. While the connections will recover swiftly after the disruption, the potential for network instability highlights the importance of addressing this issue promptly to ensure continued operational integrity.

Affected Version(s)

1756-EN2, 1756-EN3 12.001 and before

1756-ENBT 6.006

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.