Description
A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover.
Published: 2026-06-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The 1794-AENTR adapter suffers from improper memory handling of CIP protocol requests, leading to a denial-of-service when the adapter faults. This fault severely impacts the connection to associated I/O modules, requiring a manual reset. The vulnerability’s nature is a memory leak (CWE-401), which potentially exhausts adapter resources during normal operation.

Affected Systems

Affected are Rockwell Automation FLEX I/O EtherNet/IP Adapters, specifically the 1794-AENTR model. No specific firmware version numbers are supplied, so all installations of this adapter type are potentially impacted until a patch is applied.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, coupled with an EPSS score of less than 1% meaning exploitation is unlikely under current conditions. The vulnerability is not listed in CISA KEV, and no official solution is provided currently. It is likely that a remote attacker could exploit the issue by sending crafted CIP protocol requests over the network, which would trigger the memory error and cause a fault. Proper remediation can mitigate this risk.

Generated by OpenCVE AI on June 17, 2026 at 22:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the adapter firmware to the latest version released by Rockwell Automation.
  • Disable any unused CIP services on the adapter if possible to reduce the attack surface.
  • Monitor the adapter logs for unexpected reset events and configure alerts to detect recurring faults.

Generated by OpenCVE AI on June 17, 2026 at 22:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation flex I/o Ethernet/ip Adapter
Vendors & Products Rockwellautomation
Rockwellautomation flex I/o Ethernet/ip Adapter

Tue, 16 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover.
Title Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities
Weaknesses CWE-401
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Rockwellautomation Flex I/o Ethernet/ip Adapter
cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published:

Updated: 2026-06-16T15:24:33.927Z

Reserved: 2026-01-06T16:08:44.716Z

Link: CVE-2026-0646

cve-icon Vulnrichment

Updated: 2026-06-16T15:24:30.668Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T15:16:33.567

Modified: 2026-06-16T15:26:04.250

Link: CVE-2026-0646

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:45:20Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime