PatchSiren cyber security CVE debrief
CVE-2025-9177 Rockwell Automation CVE debrief
CVE-2025-9177 is a denial-of-service issue in Rockwell Automation’s 1715 EtherNet/IP Comms Module. According to the CISA CSAF advisory, a high volume of requests can crash the module’s web server. The advisory states that I/O control and communication are not impacted, but the webpage is unavailable until the device is power-cycled.
- Vendor
- Rockwell Automation
- Product
- 1715 EtherNet/IP
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-10-14
- Original CVE updated
- 2025-10-14
- Advisory published
- 2025-10-14
- Advisory updated
- 2025-10-14
Who should care
OT and ICS teams running Rockwell Automation 1715 EtherNet/IP Comms Module deployments, especially environments where the device web interface is used for administration or monitoring. Network defenders and plant engineers should care most about exposed or reachable management interfaces.
Technical summary
The published advisory describes a network-reachable availability issue with CVSS v3.1 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Excessive request traffic to the web server can cause a crash. The advisory explicitly says the condition does not affect I/O control or communication, but recovery of the webpage requires a power cycle. Rockwell Automation identifies 3.011 and later as the corrected version.
Defensive priority
High for systems with reachable management interfaces. While the impact is limited to web server availability, the issue can still disrupt operator visibility and device administration until the unit is restarted.
Recommended defensive actions
- Check whether any deployed 1715 EtherNet/IP Comms Module instances are running versions earlier than the corrected 3.011 release.
- Apply Rockwell Automation’s corrected version 3.011 or later where operationally feasible.
- If upgrading is not immediately possible, follow Rockwell Automation’s security best practices for the affected product.
- Limit exposure of the device web interface to trusted management networks only.
- Monitor for abnormal request rates or repeated failures of the module web interface.
- Plan maintenance procedures that include a power cycle if the webpage becomes unavailable and recovery is needed.
Evidence notes
The supplied CISA CSAF advisory for ICSA-25-287-01 states that the issue stems from a high number of requests sent to the web server and that a power cycle is required to recover webpage access. The advisory also states that I/O control and communication are not impacted. The provided CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Official resources
-
CVE-2025-9177 CVE record
CVE.org
-
CVE-2025-9177 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CVE-2025-9177 was published and last modified on 2025-10-14T06:00:00Z in the supplied advisory data. No KEV listing is included in the supplied corpus.