CVE-2026-9653 PUBLISHED

1756-EN2, 1756-EN3, and 1756-ENBT - Denial of Service via CIP Connection ID

Assigner: Rockwell
Reserved: 26.05.2026 Published: 14.07.2026 Updated: 14.07.2026

A denial-of-service security issue exists across all the 1756-EN2, EN3, and ENBT communication module due to improper validation of CIP Implicit Connection packets. An attacker on the network can exploit this by sending crafted packets to continuously disrupt device connections, though device connections will recover immediately after.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Rockwell Automation
Product 1756-EN2, 1756-EN3
Versions Default: unaffected
  • Version 12.001 and before is affected
Vendor Rockwell Automation
Product 1756-ENBT
Versions Default: unaffected
  • Version 6.006 is affected

References

Problem Types

  • CWE-354 Improper validation of integrity check value CWE