CVE-2025-11694

Name: CVE-2025-11694
Creator: NVD / NIST
Published: 2026-06-16T15:16:32.693+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.7/10EPSS 0.17%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.

Metrics

CVSS 4.0

8.7/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.17%

6.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-354

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html

Timeline

Published: Jun 16, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2025-11694?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST