Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
Upgrade to firmware version 38.011 or later. For 1756-EN4TR upgrade to version 8.001 or later.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 14 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A security issue exists within CompactLogix® 5380, ControlLogix® 5580, and EN4 communication modules related to CIP Security certificate revocation handling. The security issue stems from the controller failing to properly reject certificates signed by an intermediate certificate that has been revoked via a Certificate Revocation List (CRL). This could allow a network-based attacker to establish a connection using a certificate that should be untrusted, potentially bypassing CIP Security protections. | |
| Title | Rockwell Automation CompactLogix® 5380 ControlLogix® 5580 / 1756-EN4 Communications Module – Certificate Revocation List Vulnerability | |
| Weaknesses | CWE-299 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: Rockwell
Published:
Updated: 2026-07-14T15:55:05.004Z
Reserved: 2026-05-26T18:10:55.329Z
Link: CVE-2026-9636
Updated: 2026-07-14T15:55:00.563Z
No data.
No data.
OpenCVE Enrichment
No data.