CVE-2025-11694: CWE-354 Improper validation of integrity check value in Rockwell Automation CompactLogix 5370
A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows an attacker to abuse the exposed Connection IDs visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.
AI Analysis
Technical Summary
This vulnerability (CWE-354) affects Rockwell Automation CompactLogix 5370 controllers, version 36. It is caused by missing validation of sequence numbers and source IP addresses within the CIP protocol implementation. Attackers can leverage exposed Connection IDs accessible via the device's web interface to perform denial-of-service attacks, resulting in minor faults. The CVSS 4.0 base score is 8.7, indicating high severity, with network attack vector, no required privileges or user interaction, and high impact on availability.
Potential Impact
Exploitation of this vulnerability allows an unauthenticated attacker to cause denial-of-service conditions on the affected CompactLogix 5370 controller by abusing exposed Connection IDs. The impact is limited to causing minor faults, potentially disrupting normal device operation and availability.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is provided, restrict access to the device's web interface to trusted networks and monitor for unusual activity related to Connection IDs to reduce exposure.
CVSS v4.0
Score: 8.7 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: Rockwell
- Date Reserved: 2025-10-13T15:55:35.637Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a3165080b89be6888c91b0c
Added to database: 6/16/2026, 3:00:24 PM
Last enriched: 6/16/2026, 3:16:53 PM
Last updated: 6/17/2026, 4:51:17 AM