Back to overview

CVE-2026-9653

HIGH
8.7
CVSS 4.0
Description
A denial-of-service security issue exists across all the 1756-EN2, EN3, and ENBT communication module due to improper validation of CIP Implicit Connection packets. An attacker on the network can exploit this by sending crafted packets to continuously disrupt device connections, though device connections will recover immediately after.

Metadata

CVE ID
CVE-2026-9653
State
PUBLISHED
Assigner
Rockwell
Reserved
2026-05-26 20:07 UTC
Published
2026-07-14 15:00 UTC
Last updated
2026-07-14 15:25 UTC
Primary CWE
CWE-354
CWE-354 Improper validation of integrity check value
Vendor / Product
Rockwell Automation / 1756-EN2, 1756-EN3
Sources
cve.org  ·  NVD

Severity & Metrics

8.7 HIGH CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (2)
VendorProductPlatformVersions
Rockwell Automation 1756-EN2, 1756-EN3 12.001 and before
Rockwell Automation 1756-ENBT 6.006
Weakness (CWE)
CWESourceDescription
CWE-354 cna CWE-354 Improper validation of integrity check value
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.7 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Back to overview