In today's industrial ecosystem, the convergence of operating technologies (OT) and information technologies (IT) has opened up new opportunities for efficiency, but it has also exposed vulnerabilities that did not exist before. A recent example that has caught the attention of industrial cybersecurity specialists is the denial-of-service (DoS) vulnerability identified in the Rockwell Automation 1756-EN2, 1756-EN3 and 1756-ENBT communication modules, whose affected versions include up to V12.001 and V6.006 respectively. This flaw, cataloged as CVE-2026-9653, allows an attacker on the network to send manipulated packets of the CIP (Common Industrial Protocol) protocol to continuously interrupt the connections of the devices, generating a denial of service state that, although immediately reversible, can paralyze critical processes in manufacturing environments.
The seriousness of the matter lies in the fact that these modules are widely used in industrial plants around the world, especially in sectors such as critical manufacturing, energy, and process automation. The CVSS v3.1 score of 7.5 (high) and v4.0 of 8.7 (high) reflects the potential impact: while the attack does not compromise the confidentiality or integrity of the data, it does affect availability, which is the most sensitive pillar in continuous production environments. A cessation of operations, no matter how brief, can result in millions of dollars in losses, damage to equipment or even safety risks for personnel.
From a technical perspective, the vulnerability originates from an incorrect validation of the integrity check value in CIP implicit connections. This means that the module does not properly verify whether the received packets meet the expected requirements, allowing a malicious actor to flood the communication with specially crafted frames. Rockwell Automation has confirmed that the 1756-ENBT is discontinued and will not receive patches, while for the EN2 and EN3 series it is recommended to upgrade to version V12.002. In a context where equipment obsolescence is a constant challenge, this situation underscores the need to adopt proactive security strategies.
For companies that depend on these systems, the immediate recommendation is to segment control networks using industrial firewalls and avoid direct exposure to the internet. However, the long-term solution requires a comprehensive approach to cybersecurity that combines regular assessments, continuous monitoring, and firmware updates. This is where having a specialized technology partner makes all the difference. In Q2BSTUDIO, we understand that the protection of industrial assets cannot be based solely on patches; a plan is needed that covers everything from the design of secure architectures to the implementation of OT-specific intrusion detection systems.
One of the most relevant services we offer is precisely cybersecurity and pentesting, where we carry out in-depth audits of networks, applications and industrial devices to identify vulnerabilities like this before they are exploited. Our experts simulate real attacks using methodologies such as OWASP and NIST, and generate actionable reports that allow you to prioritize remediations. In addition, we integrate these tests with artificial intelligence and machine learning services to detect anomalous patterns in network traffic, anticipating threats that traditional systems do not perceive.
The Rockwell vulnerability also reminds us of the importance of maintaining an up-to-date inventory of assets and firmware versions. Many organizations find that they have discontinued or unsupported devices when it's too late. That's why at Q2BSTUDIO we help companies migrate to more modern and secure platforms by developing custom applications that integrate with legacy systems without compromising operation. Our team builds custom software to optimize communication between devices from different manufacturers, ensuring that data flows securely and efficiently.
The cloud has also become a strategic ally for remote plant monitoring, but it also introduces additional attack vectors. We work with AWS and Azure cloud services to deploy hybrid architectures that keep critical data at the edge, while analytics and historical storage are managed in the cloud with strict access controls. Artificial intelligence applied to cybersecurity allows, for example, to train models that detect deviations in CIP traffic patterns, identifying a DoS attack in its early phases.
Beyond cybersecurity, companies can take advantage of these incidents to rethink their business intelligence strategies. By securely capturing data from control devices, it is possible to feed Business Intelligence systems with Power BI to visualize in real time the status of production, detect bottlenecks and predict failures. Our business intelligence services transform operational data into actionable insights, improving decision-making without exposing infrastructure.
Artificial intelligence for companies is no longer a future promise; today we can implement AI agents that continuously monitor internal communications and generate alerts for suspicious behavior. At Q2BSTUDIO we develop intelligent agents capable of learning the normal behavior of an industrial network and triggering automatic responses, such as isolating a compromised module or blocking malicious packets. This automation, combined with AWS and Azure cloud services, allows security to be scaled without the need for 24/7 human teams.
Importantly, the CVE-2026-9653 vulnerability has not been publicly exploited to date, but the fact that a CVE with a high score exists should set off alarm bells in any automation department. Companies still using the affected models should seriously consider replacing obsolete equipment, especially 1756-ENBT, for which there is no patch. In parallel, the implementation of compensatory measures such as mutual authentication on CIP connections, traffic encryption and network segmentation are indispensable steps.
From a business perspective, these types of incidents reinforce the need to invest in cybersecurity as a business enabler, not an expense. Plants that manage to maintain their operational readiness while adopting advanced technologies gain a significant competitive advantage. At Q2BSTUDIO we have accompanied manufacturing, energy and logistics customers in the transition to safer environments, integrating tailor-made software solutions that adapt to their specific processes.
The final reflection is that industrial safety is not a product that is purchased, but a continuous process that requires evaluation, updating and commitment. The vulnerability in Rockwell modules is a reminder that even the most rugged equipment can have cracks. The key is to have an ecosystem of vendors capable of offering not only patches, but also comprehensive defense strategies. At Q2BSTUDIO we combine experience in custom application development, artificial intelligence, cybersecurity and cloud services to build solutions tailored to each client, ensuring that their critical operations are protected against any eventuality.
If your organization uses Rockwell equipment or any other industrial control system, don't wait for a real attack to disrupt your production. Contact us for a free assessment of your security posture and find out how we can help you shield your infrastructure with cutting-edge technologies, including AI agents, Power BI for visual monitoring, and business intelligence services that turn data into decisions. Industrial cybersecurity is a journey, and at Q2BSTUDIO we are ready to accompany you every step of the way.


