CVE-2026-9653
HIGH
8.7
CVSS 4.0
Description
A denial-of-service security issue exists across all the 1756-EN2, EN3, and ENBT communication module due to improper validation of CIP Implicit Connection packets. An attacker on the network can exploit this by sending crafted packets to continuously disrupt device connections, though device connections will recover immediately after.
Metadata
Severity & Metrics
8.7
HIGH CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Affected products (2)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Rockwell Automation | 1756-EN2, 1756-EN3 | — | 12.001 and before |
| Rockwell Automation | 1756-ENBT | — | 6.006 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-354 | cna | CWE-354 Improper validation of integrity check value |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 8.7 | HIGH | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
References (1)