CVE-2026-12659 PUBLISHED

Rockwell Automation Flex 5000® Adapter - Denial of Service

Assigner: Rockwell
Reserved: 18.06.2026 Published: 14.07.2026 Updated: 14.07.2026

A denial-of-service security issue exists in the affected products. The security issue stems from improper handling of exceptional conditions when processing crafted CIP packets sent to the adapter. A power cycle is required to recover the module and associated I/O.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Rockwell Automation
Product The FLEX 5000® EtherNet/IP Adapter
Versions Default: unaffected
  • Version version 6.011 is affected

Solutions

Upgrade to version 6.012 or later.

References

Problem Types

  • CWE-415 Double free CWE