CVE-2025-9178
Description
A denial-of-service security issue exists in the affected product and version. The security issue is caused through CIP communication using crafted payloads. The security issue could result in no CIP communication with 1715 EtherNet/IP Adapter.A restart is required to recover.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial-of-service vulnerability in Rockwell Automation 1715-AENTR EtherNet/IP Adapter via crafted CIP payloads, requiring a restart to recover.
CVE-2025-9178 describes a denial-of-service (DoS) vulnerability in the Rockwell Automation 1715-AENTR EtherNet/IP Adapter. The issue stems from a flaw in CIP communication handling, where specially crafted payloads can cause an out-of-bounds write (CWE-787) [1].
An attacker with network access to the adapter can exploit this by sending malicious CIP packets. No authentication is required to trigger the vulnerability, making it remotely exploitable. The attack does not require any special privileges or user interaction [1].
Successful exploitation results in a complete loss of CIP communication with the adapter, disrupting industrial control operations. The device requires a physical restart to restore functionality. The CVSS base score is 7.5 (CVSS 3.1) or 7.7 (CVSS 4.0), indicating high severity [1].
Rockwell Automation has addressed this vulnerability in firmware version 3.011 and later. Users running version 3.003 or prior should upgrade to the corrected version. No workarounds are provided, and the vulnerability is not currently listed in the Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.