CVE-2026-10577 PUBLISHED

Rockwell Automation 1715 Redundant IO – Access Control Vulnerability

Assigner: Rockwell
Reserved: 01.06.2026 Published: 14.07.2026 Updated: 14.07.2026

A security issue exists within the 1715-AENTR EtherNet/IP Adapter. The affected product exposes a network-accessible debug port that does not enforce proper privilege controls, allowing unauthenticated remote access to intrusive command-line interface (CLI) commands. If exploited, a threat actor could read or delete files, stop tasks, modify memory, and change I/O states, potentially impacting the confidentiality, integrity, and availability of the device.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 10

Product Status

Vendor Rockwell Auotmation
Product 1715 EtherNet/IP Communications Module
Versions Default: unaffected
  • Version 3.003 and prior is affected

Solutions

Upgrade to  3.011 or later

References

Problem Types

  • CWE-306 Missing authentication for critical function CWE