CVE-2026-12659

Rockwell Automation · The FLEX 5000 EtherNet/IP Adapter

A double free vulnerability exists in the Rockwell Automation FLEX 5000 EtherNet/IP Adapter, potentially leading to a denial-of-service condition.

Executive summary

A critical double free vulnerability in the Rockwell Automation FLEX 5000 EtherNet/IP Adapter allows unauthenticated attackers to cause a denial-of-service.

Vulnerability

This vulnerability is caused by a double free flaw (CWE-415), which can be triggered by an unauthenticated, remote attacker to crash the affected device.

Business impact

Successful exploitation results in a denial-of-service, which can disrupt industrial control processes and lead to significant operational downtime. With a CVSS score of 8.7, this flaw represents a high risk to availability, particularly in production environments where system uptime is critical.

Remediation

Immediate Action: Upgrade the affected device firmware to version 6.012 or later immediately.

Proactive Monitoring: Monitor network traffic for unusual patterns directed at the EtherNet/IP interface and review system logs for signs of unexpected reboots or service instability.

Compensating Controls: Utilize industrial firewalls or network segmentation to restrict access to the device to only authorized engineering workstations.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given the potential for operational disruption, administrators should prioritize the application of the vendor-provided firmware update. Ensure that all affected industrial assets are updated during the next available maintenance window to mitigate the risk of service interruption.