THE CISA advisory (ICSA-26-197-06) released on July 16, 2026, reports vulnerabilities in Rockwell Automation products: CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix. The noted issues could lead to denial-of-service conditions due to various software versions being affected. The vulnerabilities include CVE-2025-12011, CVE-2025-12012, and CVE-2025-11698, which expose certain controllers to potential exploitation.
CISA recommends users update their devices to specific firmware versions to mitigate risks. The advisory emphasizes minimizing network exposure, employing secure connections, and conducting thorough impact analyses as preventive measures.