Summary
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, take over accounts, and cause a loss of availability.
The following versions of Rockwell Automation FLEX I/O EtherNet/IP Adapters are affected:
- 1794-AENTR V2.012 (CVE-2026-0646, CVE-2026-0647)
- 1794-AENTRXT V2.012 (CVE-2026-0646, CVE-2026-0647)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.4 | Rockwell Automation | Rockwell Automation FLEX I/O EtherNet/IP Adapters | Missing Release of Memory after Effective Lifetime, Missing Authentication for Critical Function |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States
Vulnerabilities
CVE-2026-0646
A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover.
Affected Products
- Product: Rockwell Automation FLEX I/O EtherNet/IP Adapters
- Vendor: Rockwell Automation
- Product Version: Rockwell Automation 1794-AENTR: V2.012, Rockwell Automation 1794-AENTRXT: V2.012
- Product Status: known_affected
Remediations
- Mitigation: Rockwell Automation recommends users update to 2.013 to resolve these vulnerabilities.
- Mitigation: For more information, please visit Rockwell Automation’s SD1775 advisory: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1775.html
Relevant CWE: CWE-401 Missing Release of Memory after Effective Lifetime
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
CVE-2026-0647
An improper authentication security issue exists within the 1794-AENTR adapter’s embedded web server. The vulnerability allows an unauthenticated attacker to change the device’s web interface password by sending a crafted HTTP GET request to a specific endpoint; no prior authentication is required. If exploited, this could lead to unauthorized access, account takeover, and loss of availability of the device’s embedded web server.
Affected Products
- Product: Rockwell Automation FLEX I/O EtherNet/IP Adapters
- Vendor: Rockwell Automation
- Product Version: Rockwell Automation 1794-AENTR: V2.012, Rockwell Automation 1794-AENTRXT: V2.012
- Product Status: known_affected