Security/ industrial security · ics · critical infrastructure · vulnerability

Rockwell PLC Network Modules Vulnerable to Denial-of-Service Flaw

A flaw in Rockwell Automation's 1756-series EtherNet/IP modules lets any network attacker knock industrial connections offline with crafted packets.

Three widely deployed Rockwell Automation industrial network modules carry a high-severity denial-of-service flaw with no patch available for one of them.

CISA published an advisory on July 16, 2026, covering CVE-2026-9653, a vulnerability in the 1756-EN2, 1756-EN3, and 1756-ENBT EtherNet/IP communication modules used in ControlLogix programmable controllers. The flaw stems from improper validation of CIP Implicit Connection packets — the real-time messaging layer that keeps industrial devices in sync. An unauthenticated attacker on the same network can send crafted packets to repeatedly drop device connections. Connections recover on their own, but the disruption can be triggered continuously. CVSS scores land at 7.5 under version 3.1 and 8.7 under version 4.0, both rated High. Rockwell has released V12.002 firmware for the EN2 and EN3 modules; the ENBT is discontinued and will not receive a fix.

The practical risk here sits squarely in critical manufacturing environments, where momentary, repeatable connection loss can halt production lines or, in poorly segmented networks, cascade into broader control system disruption. The fact that exploitation requires no credentials and no user interaction — and that the ENBT line is end-of-life with no remediation path — puts organizations still running that hardware in a difficult spot.

Rockwell's ControlLogix platform is a backbone of U.S. and global manufacturing infrastructure, which is precisely why network-layer flaws in its communication modules draw federal attention. For operators who cannot patch immediately, CISA's standing advice applies: isolate control networks from business networks, restrict internet exposure, and use VPNs for any required remote access — though the agency is careful to note that VPNs introduce their own risk surface.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →