Critical DoS Vulnerability Discovered in Rockwell Automation Logix Controllers
A significant denial-of-service vulnerability, identified as **CVE-2026-11317**, has been reported in several **Rockwell Automation Logix 5370 & 5570 Controllers**. Successful exploitation could lead to a major nonrecoverable fault (MNRF), requiring a program download for system recovery. This poses a substantial risk to critical manufacturing sectors worldwide.
# Critical DoS Vulnerability Found in Rockwell Automation Logix Controllers
**Rockwell Automation** has reported a critical denial-of-service (DoS) vulnerability, tracked as **CVE-2026-11317**, affecting multiple versions of its **Logix 5370 & 5570 Controllers**. This flaw could enable attackers to trigger a major nonrecoverable fault (MNRF) by sending a specially crafted Common Industrial Protocol (CIP) message.
## Vulnerability Details: CVE-2026-11317
The vulnerability stems from an improper resource shutdown or release (**CWE-404**) within the affected controllers. A malformed CIP message can cause the controller to fault, and devices with less memory are particularly affected. The resulting MNRF necessitates a full program download to restore functionality, leading to significant operational disruption.
### Affected Products
The following **Rockwell Automation** controller versions are known to be affected:
* **CompactLogix 5370** controllers with versions less than or equal to 34.016
* **Compact GuardLogix 5370** controllers with versions less than or equal to 35.015
* **ControlLogix 5570** controllers with versions less than or equal to 35.015
* **GuardLogix 5570** controllers with version 36.012
This vulnerability carries a CVSS v3 score of 7.5, indicating a high severity risk. These controllers are widely deployed in critical manufacturing sectors globally.
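For asset owners triaging exposure, the version rules in the list above can be applied to an inventory export. The following is an added example, not code from Rockwell Automation or CISA; the CSV columns, asset names and the assumption that firmware revisions are `major.minor` integers compared numerically are illustrative.

```python
import csv
import io

# Rules copied from the "Affected Products" list on this page. "le": that
# revision and older; "eq": exact match, as the page lists a single version.
AFFECTED = {
    "CompactLogix 5370": ("le", "34.016"),
    "Compact GuardLogix 5370": ("le", "35.015"),
    "ControlLogix 5570": ("le", "35.015"),
    "GuardLogix 5570": ("eq", "36.012"),
}

# Constructed sample inventory (hypothetical asset names and columns).
SAMPLE_INVENTORY = """asset,product,firmware
PLC-LINE1,CompactLogix 5370,34.016
PLC-LINE2,CompactLogix 5370,35.011
PLC-PACK1,ControlLogix 5570,v33.011
SIS-01,GuardLogix 5570,36.012
PLC-OLD,Compact GuardLogix 5370,unknown
HMI-01,Example HMI,12.011
"""

def parse_revision(text):
    """Parse 'major.minor' (optionally prefixed with 'v') into an int tuple."""
    major, _, minor = text.strip().lstrip("vV").partition(".")
    return int(major), int(minor)  # ValueError on anything non-numeric

def is_affected(product, firmware):
    rule = AFFECTED.get(product.strip())
    if rule is None:
        return False  # product family not named on the page
    op, limit = rule
    have, bound = parse_revision(firmware), parse_revision(limit)
    return have <= bound if op == "le" else have == bound

def triage(csv_text):
    """Return (asset, status) for rows that need action or manual review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            if is_affected(row["product"], row["firmware"]):
                findings.append((row["asset"], "affected"))
        except ValueError:
            findings.append((row["asset"], "firmware unreadable, verify manually"))
    return findings

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY):
        print(f"{asset}: {status}")
```

Rows with a listed product but an unparseable firmware value are reported for manual review rather than silently treated as unaffected.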
## Recommended Mitigations
**CISA** (Cybersecurity and Infrastructure Security Agency) emphasizes the importance of defensive measures to minimize the risk of exploitation. Key recommendations include:
* **Network Segmentation**: Isolate control system networks and devices from business networks and ensure they are not directly accessible from the internet.
* **Firewall Implementation**: Deploy robust firewalls to protect control system networks and remote devices.
* **Secure Remote Access**: When remote access is essential, use secure methods such as Virtual Private Networks (VPNs). Keep VPNs updated to the latest versions, and recognize that a VPN is only as secure as the devices connected to it.
* **Impact and Risk Assessment**: Perform thorough impact analyses and risk assessments before deploying any defensive measures.
* **Proactive Defense**: Implement recommended cybersecurity strategies for the proactive defense of Industrial Control Systems (ICS) assets, including defense-in-depth strategies.
**CISA** also advises organizations to remain vigilant against social engineering attacks, recommending users avoid clicking suspicious web links or opening attachments in unsolicited emails. At present, **CISA** has not reported any known public exploitation of this specific vulnerability.
Organizations observing suspected malicious activity should follow internal procedures and report findings to **CISA** for tracking and correlation.