EMPSurvive
Prepare. Protect. Prevail.
Rockwell Logix Controllers Vulnerable to DoS; CISA Issues Critical ICS Advisory
INTEL FLASH

CISA has flagged a denial-of-service vulnerability in Rockwell Automation Logix 5370 and 5570 Controllers that could trigger major nonrecoverable faults in industrial control systems. Exploitation requires network access via the Common Industrial Protocol (CIP).

Morgan Reed

On June 16, 2026, CISA published ICS Advisory ICSA-26-167-03 documenting a denial-of-service vulnerability affecting Rockwell Automation Logix 5370 and 5570 Controllers. According to the official CISA advisory, successful exploitation of this vulnerability could cause a denial-of-service condition resulting in a major nonrecoverable fault (MNRF)—a category-level failure that may require manual intervention or hardware replacement to restore normal operation.

The vulnerability is accessible via the Common Industrial Protocol (CIP), a widely deployed standard in manufacturing, water treatment, electrical distribution, and other critical infrastructure sectors. This means affected controllers networked on industrial systems using CIP communications are potentially exposed if not isolated or patched.

Why this matters: Logix controllers are foundational components in process automation and safety-critical systems. An MNRF isn't a temporary hiccup—it's a hard stop. In manufacturing, this translates to production halts. In utilities, it could affect SCADA monitoring or control. The window between disclosure and active exploitation for ICS vulnerabilities historically compresses rapidly once technical details circulate.

What to watch: The CISA advisory and accompanying CSAF file contain specific version information and mitigation guidance. Organizations running affected Logix models should immediately cross-reference their inventory against CISA's list and implement recommended mitigations—typically network segmentation, access controls, or firmware updates when available. The fact that this vulnerability requires network access via CIP suggests air-gapping or strict network boundary controls are the primary defensive posture until patches are deployed.
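The inventory cross-check described above, as an added example that is not CISA's or Rockwell's code: it walks a CSAF 2.0 product tree, resolves the `known_affected` product IDs to model names, and flags matching assets. The sample CSAF document, product IDs, version-range placeholders and inventory rows are all constructed; real values come from the advisory's CSAF file.

```python
# Constructed sample in CSAF 2.0 layout (not the real ICSA-26-167-03 file);
# product IDs and version ranges are placeholders.
def _leaf(pid, vrange):
    return {"category": "product_version_range", "name": vrange,
            "product": {"product_id": pid, "name": pid}}

SAMPLE_CSAF = {
    "product_tree": {"branches": [{
        "category": "vendor", "name": "Rockwell Automation", "branches": [
            {"category": "product_name", "name": "Logix 5370",
             "branches": [_leaf("CSAFPID-0001", "<PLACEHOLDER-RANGE-A>")]},
            {"category": "product_name", "name": "Logix 5570",
             "branches": [_leaf("CSAFPID-0002", "<PLACEHOLDER-RANGE-B>")]},
        ]}]},
    "vulnerabilities": [{"product_status": {
        "known_affected": ["CSAFPID-0001", "CSAFPID-0002"]}}],
}

# Constructed asset inventory (hypothetical tags and firmware strings).
INVENTORY = [
    {"tag": "PLC-LINE1", "model": "Logix 5370", "firmware": "<FW-1>"},
    {"tag": "PLC-PUMP2", "model": "Logix 5570", "firmware": "<FW-2>"},
    {"tag": "PLC-HVAC3", "model": "Other Vendor PLC", "firmware": "<FW-3>"},
]

def affected_products(csaf):
    """Map each known_affected product_id to (model, version range)."""
    found = {}
    def walk(branch, path):
        path = path + [(branch.get("category"), branch.get("name"))]
        if "product" in branch:
            names = dict(path)
            found[branch["product"]["product_id"]] = (
                names.get("product_name"), names.get("product_version_range"))
        for child in branch.get("branches", []):
            walk(child, path)
    for top in csaf.get("product_tree", {}).get("branches", []):
        walk(top, [])
    hit = {pid for v in csaf.get("vulnerabilities", [])
           for pid in v.get("product_status", {}).get("known_affected", [])}
    return {pid: found[pid] for pid in hit if pid in found}

def triage(inventory, csaf):
    """Return (tag, firmware, advisory range) for assets of an affected model."""
    affected = affected_products(csaf).values()
    return [(a["tag"], a["firmware"], vrange)
            for a in inventory for model, vrange in affected
            if model and model.lower() in a["model"].lower()]
```

Each returned row pairs the asset's recorded firmware with the advisory's version range so an engineer can compare the two; the example matches on model family only and does not evaluate version ranges itself.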

This advisory underscores a persistent vulnerability class in industrial systems: protocol-level denial-of-service attacks that don't require authentication or code injection, just crafted packets. Historical precedent (Stuxnet, NotPetya) shows that ICS vulnerabilities, once public, become operational priorities for threat actors within weeks.

Written by

Morgan Reed

Survival Systems Specialist

Cybersecurity consultant and survival systems specialist with over a decade of experience in EMP preparedness, electronic hardening, and off-grid living strategies. Morgan has helped thousands of families develop comprehensive protection plans against electromagnetic threats.
