Skip to main content

1719-AENTR EUVDEUVD-2026-43693

| CVE-2026-9140 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-07-14 Rockwell GHSA-59qg-236r-79mg
8.7
CVSS 4.0 · Vendor: Rockwell
Share

Severity by source

Vendor (Rockwell) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Network-reachable UDP flood with no auth or interaction and low complexity (AV:N/AC:L/PR:N/UI:N); impact is availability-only (A:H, C:N/I:N) with no scope change.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Rockwell).

CVSS VectorVendor: Rockwell

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 15:34 vuln.today
CVE Published
Jul 14, 2026 - 14:52 cve.org
HIGH 8.7

DescriptionCVE.org

A denial-of-service security issue exists in the 1719-AENTR. The security issue stems from improper handling of a UDP unicast network storm, which causes the device to become overloaded and lose communication. A power cycle is required to recover.

AnalysisAI

Denial-of-service in the Rockwell Automation 1719-AENTR (and companion 1718-AENTR) EtherNet/IP adapter allows remote attackers to overload the device with a UDP unicast network storm, causing loss of communication that requires a manual power cycle to recover. The CVSS 4.0 score of 8.7 reflects a high availability impact reachable over the network with no privileges or user interaction. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain access to OT network segment
Delivery
Target 1719-AENTR adapter IP
Exploit
Send sustained UDP unicast storm
Execution
Exhaust adapter resources
Persist
Adapter loses communication (DoS)
Impact
Process outage until manual power cycle

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to be able to send UDP unicast traffic to the 1718-AENTR/1719-AENTR adapter and to sustain a network storm sufficient to overload it - the specific trigger named in the advisory is a UDP unicast network storm, not merely generic traffic. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) indicates a network-reachable, low-complexity attack requiring no authentication or interaction, with impact confined entirely to availability of the vulnerable system (VA:H; VC:N/VI:N/VA:H, no subsequent-system scope). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with access to the OT network segment - for example via a compromised engineering workstation or an exposed/flat industrial network - directs a sustained stream of UDP unicast packets at a 1719-AENTR adapter. The adapter's resources are exhausted, it stops communicating with its Logix controller and distributed I/O, and operators must physically power-cycle the module to restore control, causing a process outage. …
Remediation Consult Rockwell Automation advisory SD1778 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1778.html) for the vendor-recommended fixed firmware; an exact patched version is not specified in the provided data, so treat patch status as 'Patch available per vendor advisory' pending confirmation of the exact release. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all deployed Rockwell Automation 1719-AENTR and 1718-AENTR adapters and identify which are externally or broadly internally accessible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43693 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy