PatchSiren cyber security CVE debrief
CVE-2026-0646 Rockwell Automation CVE debrief
CVE-2026-0646 is a HIGH-severity denial-of-service vulnerability in the 1794-AENTR adapter. The issue arises from improper memory handling of CIP protocol requests, which can cause the adapter to fault and lose connection to its associated I/O modules. A manual reset is required to recover from this vulnerability. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.7.
- Vendor
- Rockwell Automation
- Product
- FLEX I/O EtherNet/IP Adapters
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Organizations using the 1794-AENTR adapter should prioritize patching this vulnerability to prevent potential denial-of-service attacks.
Technical summary
The vulnerability exists due to improper memory handling of CIP protocol requests in the 1794-AENTR adapter. This can result in the adapter faulting and losing connection to its associated I/O modules.
Defensive priority
HIGH
Recommended defensive actions
- Apply the necessary patches or updates to the 1794-AENTR adapter as recommended by the vendor.
- Review and implement secure configuration and operation practices for the adapter and its associated I/O modules.
Evidence notes
The CVE record and details were obtained from the official CVE.org and NVD sources.
Official resources
-
CVE-2026-0646 CVE record
CVE.org
-
CVE-2026-0646 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-0646 was published on 2026-06-16T15:16:33.567Z and modified on 2026-06-16T15:26:04.250Z.