Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Remote network-reachable CIP service, no auth or user interaction, low complexity; impact is pure availability (adapter fault requiring manual reset), no confidentiality or integrity loss.
Primary rating from Vendor (Rockwell).
CVSS VectorVendor: Rockwell
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover.
AnalysisAI
Denial-of-service in Rockwell Automation 1794-AENTR FLEX I/O EtherNet/IP adapters allows remote unauthenticated attackers to fault the device and sever its connection to associated I/O modules via malformed CIP protocol requests. Recovery requires a manual reset, making this a high-impact availability issue for industrial control environments where uptime is critical. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects the network-reachable, no-privilege attack path against operational technology.
Technical ContextAI
The 1794-AENTR is a FLEX I/O EtherNet/IP communication adapter from Rockwell Automation that bridges distributed I/O modules to a control network using the Common Industrial Protocol (CIP) over EtherNet/IP. CWE-401 (Missing Release of Memory after Effective Lifetime) indicates a memory leak: as the adapter processes specific CIP requests, allocated memory is not freed, eventually exhausting resources and causing a fault state. CIP is the application-layer protocol carried over EtherNet/IP (TCP/44818 and UDP/2222), and its parsing logic in resource-constrained embedded firmware is a recurring source of robustness issues across ICS vendors.
RemediationAI
Patch status from available data is unclear - Patch available per vendor advisory SD1775 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1775.html), and operators should consult that bulletin for the exact fixed firmware revision before scheduling a maintenance window. Where immediate firmware update is not feasible, segment the control network so the 1794-AENTR is reachable only from trusted engineering workstations and PLCs, block EtherNet/IP (TCP/44818, UDP/2222) at the IT/OT boundary, and apply CIP-aware deep packet inspection on an industrial firewall to drop malformed requests; the trade-off is that overly aggressive filtering can disrupt legitimate Class 1 I/O traffic, so test in a staging cell first. Monitor adapter health via the controller and alert on connection loss so a manual reset can be performed promptly if exploitation occurs.
Same weakness CWE-401 – Memory Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37121
GHSA-42rg-42xm-fx4v