CVE-2026-12659
Rockwell Automation · The FLEX 5000 EtherNet/IP Adapter
A double free vulnerability exists in the Rockwell Automation FLEX 5000 EtherNet/IP Adapter, potentially leading to a denial-of-service condition.
Executive summary
A critical double free vulnerability in the Rockwell Automation FLEX 5000 EtherNet/IP Adapter allows unauthenticated attackers to cause a denial-of-service.
Vulnerability
This vulnerability is caused by a double free flaw (CWE-415), which can be triggered by an unauthenticated, remote attacker to crash the affected device.
Business impact
Successful exploitation results in a denial-of-service, which can disrupt industrial control processes and lead to significant operational downtime. With a CVSS score of 8.7, this flaw represents a high risk to availability, particularly in production environments where system uptime is critical.
Remediation
Immediate Action: Upgrade the affected device firmware to version 6.012 or later immediately.
Proactive Monitoring: Monitor network traffic for unusual patterns directed at the EtherNet/IP interface and review system logs for signs of unexpected reboots or service instability.
Compensating Controls: Utilize industrial firewalls or network segmentation to restrict access to the device to only authorized engineering workstations.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the potential for operational disruption, administrators should prioritize the application of the vendor-provided firmware update. Ensure that all affected industrial assets are updated during the next available maintenance window to mitigate the risk of service interruption.