Machine-generated analysis · WAYSCloud LLM
The advisory states that exploitation could lead to unauthorized access and loss of availability due to memory handling and authentication flaws in specific FLEX I/O adapter versions.
Context
Rockwell Automation FLEX I/O EtherNet/IP Adapters are industrial communication devices used in automation systems. The advisory identifies two vulnerabilities: one involving improper memory handling leading to denial of service, and another involving missing authentication for critical functions. Both vulnerabilities affect version V2.012 of the 1794-AENTR and 1794-AENTRXT adapters. The adapters are deployed worldwide and used in critical manufacturing sectors.
Operator considerations
Check: Determine if 1794-AENTR or 1794-AENTRXT adapters with firmware V2.012 are in use.
Patch: Update affected adapters to firmware version 2.013 as recommended by Rockwell Automation.
Log: Monitor network traffic for unexpected CIP protocol requests that could indicate exploitation attempts.
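One way to apply the Log item above, as an added example that is not from the advisory or from Rockwell Automation: it parses the 24-byte EtherNet/IP encapsulation header on port 44818 and flags requests sent to the adapters by hosts outside an allowlist. The IP addresses, the allowlist, the helper names and the captured records are constructed assumptions; the advisory does not define which requests count as unexpected.

```python
import struct

ENIP_PORT = 44818  # EtherNet/IP explicit messaging port
# Encapsulation header: command, length, session handle, status, sender context, options
HEADER = struct.Struct("<HHII8sI")
ENIP_COMMANDS = {0x0004: "ListServices", 0x0063: "ListIdentity", 0x0064: "ListInterfaces",
                 0x0065: "RegisterSession", 0x0066: "UnRegisterSession",
                 0x006F: "SendRRData", 0x0070: "SendUnitData"}

def build_enip(command, data=b""):
    """Build a constructed encapsulation message (used only for the sample records)."""
    return HEADER.pack(command, len(data), 0, 0, b"\x00" * 8, 0) + data

def parse_enip(payload):
    """Return (command name, data length), or None if the header is malformed."""
    if len(payload) < HEADER.size:
        return None
    command, length, _session, _status, _context, _options = HEADER.unpack_from(payload)
    if length != len(payload) - HEADER.size:
        return None  # declared length disagrees with the bytes captured
    return ENIP_COMMANDS.get(command, f"Unknown(0x{command:04x})"), length

def find_unexpected(records, adapters, allowed_clients):
    """Flag ENIP traffic to in-scope adapters that is malformed or from an unlisted host."""
    alerts = []
    for src, dst, dport, payload in records:
        if dst not in adapters or dport != ENIP_PORT:
            continue
        parsed = parse_enip(payload)
        if parsed is None:
            alerts.append((src, dst, "malformed ENIP header"))
        elif src not in allowed_clients:
            alerts.append((src, dst, f"{parsed[0]} from non-allowlisted host"))
    return alerts

# Constructed inventory and capture records: (source, destination, dest port, payload)
ADAPTERS = {"10.0.5.20"}         # assumed address of a 1794-AENTR adapter
ALLOWED_CLIENTS = {"10.0.5.10"}  # assumed address of the controller that owns it
SAMPLE_RECORDS = [
    ("10.0.5.10", "10.0.5.20", ENIP_PORT, build_enip(0x0065, b"\x01\x00\x00\x00")),
    ("10.0.9.77", "10.0.5.20", ENIP_PORT, build_enip(0x006F, b"\x00" * 16)),
    ("10.0.5.10", "10.0.5.20", ENIP_PORT, b"\x6f\x00\xff"),
    ("10.0.9.77", "10.0.5.30", ENIP_PORT, build_enip(0x0063)),  # not an in-scope adapter
]

if __name__ == "__main__":
    for alert in find_unexpected(SAMPLE_RECORDS, ADAPTERS, ALLOWED_CLIENTS):
        print(alert)
```

In a capture taken from live TCP traffic, a length mismatch can also come from segmentation, so reassemble streams before feeding payloads to the parser.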
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, take over accounts, and cause loss of availability.
The following versions of Rockwell Automation FLEX I/O EtherNet/IP Adapters are affected:
1794-AENTR V2.012 (CVE-2026-0646, CVE-2026-0647)
1794-AENTRXT V2.012 (CVE-2026-0646, CVE-2026-0647)
Vendor: Rockwell Automation
Equipment: Rockwell Automation FLEX I/O EtherNet/IP Adapters
Vulnerabilities: Missing Release of Memory after Effective Lifetime, Missing Authentication for Critical Function
Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States
A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associate...