Description
An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication being required. If exploited, this could lead to unauthorized access, account takeover, and loss of the device’s embedded web server’s availability.
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an authentication bypass in the embedded web server of the 1794-AENTR adapter. An unauthenticated attacker can send a crafted GET request to a specific endpoint and change the web‑interface password. This allows the attacker to gain administrative privileges, takeover the device, and potentially disrupt its web‑server service. It is a weakness defined by CWE‑306.

Affected Systems

The affected devices are Rockwell Automation FLEX I/O EtherNet/IP Adapters, specifically the 1794-AENTR model. No additional version details are supplied, so any adapter running the vulnerable firmware is potentially at risk.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, and the EPSS score of less than 1% suggests that active exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog, so no public exploits are known. The likely attack vector involves remote access over the Ethernet/IP network to the adapter’s web interface, without requiring prior authentication, making it potentially exploitable by anyone with network connectivity to the device.

Generated by OpenCVE AI on June 17, 2026 at 21:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Rockwell Automation firmware package that fixes the authentication bypass.
  • Immediately change the default web interface password to a strong, unique password on all adapters.
  • Restrict network access to the adapter’s web interface using firewall rules or VLAN segmentation so only authorized systems can reach it.
  • If a patch is unavailable, block the vulnerable HTTP GET endpoint at the network boundary to prevent credential changes.

Generated by OpenCVE AI on June 17, 2026 at 21:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation flex I/o Ethernet/ip Adapter
Vendors & Products Rockwellautomation
Rockwellautomation flex I/o Ethernet/ip Adapter

Tue, 16 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication being required. If exploited, this could lead to unauthorized access, account takeover, and loss of the device’s embedded web server’s availability.
Title Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities
Weaknesses CWE-306
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Rockwellautomation Flex I/o Ethernet/ip Adapter
cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published:

Updated: 2026-06-16T15:23:45.399Z

Reserved: 2026-01-06T16:09:07.074Z

Link: CVE-2026-0647

cve-icon Vulnrichment

Updated: 2026-06-16T15:23:41.948Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T15:16:33.687

Modified: 2026-06-16T15:26:04.250

Link: CVE-2026-0647

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:45:17Z

Weaknesses
  • CWE-306

    Missing Authentication for Critical Function