CVE-2026-9636 PUBLISHED

Rockwell Automation CompactLogix® 5380 ControlLogix® 5580 / 1756-EN4 Communications Module – Certificate Revocation List Vulnerability

Assigner: Rockwell
Reserved: 26.05.2026 Published: 14.07.2026 Updated: 14.07.2026

A security issue exists within CompactLogix® 5380, ControlLogix® 5580, and EN4 communication modules related to CIP Security certificate revocation handling. The security issue stems from the controller failing to properly reject certificates signed by an intermediate certificate that has been revoked via a Certificate Revocation List (CRL). This could allow a network-based attacker to establish a connection using a certificate that should be untrusted, potentially bypassing CIP Security protections.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.2

Product Status

Vendor Rockwell Automation
Product ControlLogix® 5580, CompactLogix® 5380, GuardLogix® 5580, Compact GuardLogix® 5380, 1756-EN4TR
Versions Default: unaffected
  • Version Version 36 - Version 37 is affected

Solutions

Upgrade to firmware version 38.011 or later.

For 1756-EN4TR upgrade to version 8.001 or later.

References

Problem Types

  • CWE-299 Improper check for certificate revocation CWE