CVE-2026-0646
Description
A denial-of-service vulnerability in Rockwell Automation 1794-AENTR adapters due to improper memory handling of CIP requests can cause adapter fault and loss of I/O connection, requiring manual reset.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A denial-of-service vulnerability exists in the Rockwell Automation 1794-AENTR FLEX I/O EtherNet/IP adapter due to improper memory handling of CIP protocol requests (CWE-401). The adapter fails to release memory after processing certain CIP requests, leading to resource exhaustion. This affects firmware version 2.012 of catalog numbers 1794-AENTR and 1794-AENTRXT [1].
Exploitation
An attacker with network access to the adapter can send specially crafted CIP protocol requests without any prior authentication. The improper memory handling causes the adapter to fault, losing connection to its associated I/O modules. No user interaction is required; the attack is purely network-based [1].
Impact
Successful exploitation results in a denial-of-service condition. The adapter faults and disconnects from its I/O modules, disrupting communication between the I/O modules and Logix controllers. The device requires a manual power cycle or reset to recover. No data integrity or confidentiality is compromised, but availability is severely impacted [1].
Mitigation
Rockwell Automation has released firmware version 2.013 to correct this vulnerability. Users should update the affected 1794-AENTR and 1794-AENTRXT adapters to version 2.013 or later. No workarounds are provided. This vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) catalog [1].
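To act on the version guidance above, the following added example (not part of the advisory or any Rockwell Automation tooling) triages an asset inventory against the affected and fixed firmware revisions. The inventory rows and CSV column names are constructed assumptions; only the catalog numbers and revisions 2.012 and 2.013 come from this page.

```python
import csv
import io

# Values taken from the advisory text above.
AFFECTED_CATALOGS = {"1794-AENTR", "1794-AENTRXT"}
AFFECTED_REV = (2, 12)   # firmware 2.012
FIXED_REV = (2, 13)      # firmware 2.013

# Constructed sample inventory; the column names are assumptions.
SAMPLE_INVENTORY = """asset,catalog,firmware
line1-rack3,1794-AENTR,2.012
line1-rack4,1794-aentrxt,2.013
line2-rack1,1794-AENTR,2.011
line2-rack2,1794-AENT,2.012
line3-rack1,1794-AENTRXT,unknown
"""

def parse_revision(text):
    """Turn '2.012' into (2, 12); return None if it is not major.minor."""
    parts = text.strip().split(".")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        return None
    return int(parts[0]), int(parts[1])

def classify(catalog, firmware):
    """Return one of: out-of-scope, unreadable, affected, fixed, not-listed."""
    if catalog.strip().upper() not in AFFECTED_CATALOGS:
        return "out-of-scope"
    rev = parse_revision(firmware)
    if rev is None:
        return "unreadable"      # verify the revision on the device itself
    if rev == AFFECTED_REV:
        return "affected"
    if rev >= FIXED_REV:
        return "fixed"
    return "not-listed"          # older than 2.012: this page does not say

def triage(inventory_csv):
    """Map asset name -> status for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["asset"]: classify(r["catalog"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset:12} {status}")
```

Rows reported as `unreadable` or `not-listed` need manual follow-up, since this page only names 2.012 as affected and 2.013 as the corrected release.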
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 1
News mentions: 1
- Rockwell Automation FLEX I/O EtherNet/IP Adapters (CISA ICS Advisories)