CVE-2025-11694 | A security issue exists within 1769 CompactLogix controllers… | CVSS 8.7 HIGH

Description

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.

Metadata

CVE ID: CVE-2025-11694
State: PUBLISHED
Assigner: Rockwell
Reserved: 2025-10-13 15:55 UTC
Published: 2026-06-16 13:39 UTC
Last updated: 2026-06-16 17:48 UTC
Primary CWE: CWE-354
CWE-354 Improper validation of integrity check value
Vendor / Product: Rockwell Automation / CompactLogix 5370
Sources: cve.org · NVD

Severity & Metrics

8.7 HIGH CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Rockwell Automation	CompactLogix 5370	—	V36

Weakness (CWE)

CWE	Source	Description
CWE-354	cna	CWE-354 Improper validation of integrity check value

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.7	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References (1)

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html