Back to overview

CVE-2026-10577

CRITICAL
10.0
CVSS 4.0
Description
A security issue exists within the 1715-AENTR EtherNet/IP Adapter. The affected product exposes a network-accessible debug port that does not enforce proper privilege controls, allowing unauthenticated remote access to intrusive command-line interface (CLI) commands. If exploited, a threat actor could read or delete files, stop tasks, modify memory, and change I/O states, potentially impacting the confidentiality, integrity, and availability of the device.

Metadata

CVE ID
CVE-2026-10577
State
PUBLISHED
Assigner
Rockwell
Reserved
2026-06-01 17:15 UTC
Published
2026-07-14 12:52 UTC
Last updated
2026-07-14 13:19 UTC
Primary CWE
CWE-306
CWE-306 Missing authentication for critical function
Vendor / Product
Rockwell Auotmation / 1715 EtherNet/IP Communications Module
Sources
cve.org  ·  NVD

Severity & Metrics

10.0 CRITICAL CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
Rockwell Auotmation 1715 EtherNet/IP Communications Module 3.003 and prior
Weakness (CWE)
CWESourceDescription
CWE-306 cna CWE-306 Missing authentication for critical function
CVSS scores (1)
ScoreSeverityVersionSourceVector
10.0 CRITICAL 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Back to overview