Rockwell Automation CompactLogix Controllers Vulnerable to DoS and Information Disclosure
Two vulnerabilities affect Rockwell Automation CompactLogix 5370 L1/L2/L3 controllers running firmware versions below V38.011. The first is missing validation of CIP protocol sequence numbers and source IP addresses; the second is unauthenticated exposure of connection identifiers on the controller's web interface. Combined, the flaws could enable denial-of-service attacks by an attacker who has only network access to the controller.
Why it matters in Western Canada: Industrial control systems like CompactLogix are widely deployed in Western Canadian energy, manufacturing, and utility sectors. Organizations operating critical infrastructure should prioritize firmware updates to prevent potential production disruptions.
CVEs: CVE-2025-11694, CVE-2026-9307
Summary generated from the original advisory. Read the full source: cisa-advisories
- Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-04
- CVEs: CVE-2025-11694, CVE-2026-9307
- Tags: industrial-control, rockwell-automation, denial-of-service, firmware-update, critical-infrastructure
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)