TL;DR
A maximum-severity Rockwell Automation vulnerability, CVE-2026-10577, affects the 1715 Redundant I/O EtherNet/IP adapter (1715-AENTR). The access control flaw scores 10.0 on both CVSS 3.1 and CVSS 4.0 scales. Firmware 3.011 fixes the issue, and no exploitation has been confirmed.
- CVE: CVE-2026-10577
- CVSS: 10 (Critical · CVSSv4)
- Product: Rockwell Auotmation 1715 EtherNet/IP Communications Module
- Affected: 3.003 and prior
- Impact: Rockwell Automation 1715 Redundant IO – Access Control Vulnerability
- Status: No confirmed exploitation yet
- EPSS: 0.3% (30-day)
- Action: Update to firmware 3.011!
Why It Matters
The 1715 module is a fault-tolerant adapter built for high-availability industrial environments. These devices carry redundant I/O traffic in plants where downtime is costly or dangerous. A perfect-10 flaw on such hardware therefore threatens both process safety and uptime. Rockwell found the issue internally during routine testing, and its advisory lists the flaw as not known to be exploited. Even so, unauthenticated network access to an OT device warrants fast action.
How the Attack Works
The flaw maps to CWE-306, missing authentication for a critical function. The affected product exposes a network-accessible debug port without proper privilege controls. According to the advisory, this allows “unauthenticated remote access to intrusive command-line interface (CLI) commands.” An attacker who reaches the port could read or delete files, stop tasks, modify memory, and change I/O states. As a result, the confidentiality, integrity, and availability of the device are all at risk.
Affected Versions
The Rockwell Automation vulnerability affects 1715 Redundant I/O firmware version 3.003 and prior, on catalog number 1715-AENTR. Firmware 3.011 contains the fix.
Patch and Mitigation Steps
Upgrade affected modules to firmware 3.011 as soon as maintenance windows allow. If an upgrade is not yet possible, apply Rockwell’s security best practices: segment OT networks, restrict access to the module, and block unneeded ports at the boundary.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.