Skip to main content

Flex I O Ethernet Ip Adapters

2 CVEs product

Monthly

CVE-2026-0647 HIGH CISA This Week

Unauthenticated password change in Rockwell Automation 1794-AENTR Flex I/O EtherNet/IP adapter's embedded web server allows remote attackers to overwrite the web interface password via a crafted HTTP GET request to a specific endpoint, enabling full account takeover of the industrial device. The flaw, reported by Rockwell and tracked as CVE-2026-0647 with a CVSS 4.0 base score of 8.8, has no public exploit identified at time of analysis but is trivially exploitable given no authentication, no user interaction, and low attack complexity over the network.

Authentication Bypass Flex I O Ethernet Ip Adapters
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-0646 HIGH CISA This Week

Denial-of-service in Rockwell Automation 1794-AENTR FLEX I/O EtherNet/IP adapters allows remote unauthenticated attackers to fault the device and sever its connection to associated I/O modules via malformed CIP protocol requests. Recovery requires a manual reset, making this a high-impact availability issue for industrial control environments where uptime is critical. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects the network-reachable, no-privilege attack path against operational technology.

Information Disclosure Flex I O Ethernet Ip Adapters
NVD
CVSS 4.0
8.7
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH This Week

Unauthenticated password change in Rockwell Automation 1794-AENTR Flex I/O EtherNet/IP adapter's embedded web server allows remote attackers to overwrite the web interface password via a crafted HTTP GET request to a specific endpoint, enabling full account takeover of the industrial device. The flaw, reported by Rockwell and tracked as CVE-2026-0647 with a CVSS 4.0 base score of 8.8, has no public exploit identified at time of analysis but is trivially exploitable given no authentication, no user interaction, and low attack complexity over the network.

Authentication Bypass Flex I O Ethernet Ip Adapters
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Denial-of-service in Rockwell Automation 1794-AENTR FLEX I/O EtherNet/IP adapters allows remote unauthenticated attackers to fault the device and sever its connection to associated I/O modules via malformed CIP protocol requests. Recovery requires a manual reset, making this a high-impact availability issue for industrial control environments where uptime is critical. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects the network-reachable, no-privilege attack path against operational technology.

Information Disclosure Flex I O Ethernet Ip Adapters
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy