Flex I O Ethernet Ip Adapters
Monthly
Unauthenticated password change in Rockwell Automation 1794-AENTR Flex I/O EtherNet/IP adapter's embedded web server allows remote attackers to overwrite the web interface password via a crafted HTTP GET request to a specific endpoint, enabling full account takeover of the industrial device. The flaw, reported by Rockwell and tracked as CVE-2026-0647 with a CVSS 4.0 base score of 8.8, has no public exploit identified at time of analysis but is trivially exploitable given no authentication, no user interaction, and low attack complexity over the network.
Denial-of-service in Rockwell Automation 1794-AENTR FLEX I/O EtherNet/IP adapters allows remote unauthenticated attackers to fault the device and sever its connection to associated I/O modules via malformed CIP protocol requests. Recovery requires a manual reset, making this a high-impact availability issue for industrial control environments where uptime is critical. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects the network-reachable, no-privilege attack path against operational technology.
Unauthenticated password change in Rockwell Automation 1794-AENTR Flex I/O EtherNet/IP adapter's embedded web server allows remote attackers to overwrite the web interface password via a crafted HTTP GET request to a specific endpoint, enabling full account takeover of the industrial device. The flaw, reported by Rockwell and tracked as CVE-2026-0647 with a CVSS 4.0 base score of 8.8, has no public exploit identified at time of analysis but is trivially exploitable given no authentication, no user interaction, and low attack complexity over the network.
Denial-of-service in Rockwell Automation 1794-AENTR FLEX I/O EtherNet/IP adapters allows remote unauthenticated attackers to fault the device and sever its connection to associated I/O modules via malformed CIP protocol requests. Recovery requires a manual reset, making this a high-impact availability issue for industrial control environments where uptime is critical. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects the network-reachable, no-privilege attack path against operational technology.