CVE-2026-10573
Rockwell Automation · 1734 POINT I/O
A resource exhaustion vulnerability exists in the Rockwell Automation 1734 POINT I/O module, allowing unauthenticated attackers to trigger a denial-of-service.
Executive summary
A high-severity resource exhaustion vulnerability in the Rockwell Automation 1734 POINT I/O module poses a significant risk of service disruption.
Vulnerability
The device is susceptible to resource exhaustion (CWE-770) because it performs allocation of resources without proper limits or throttling, which can be exploited by an unauthenticated, remote attacker to crash the module.
Business impact
The ability for an attacker to remotely exhaust system resources can lead to critical failures in industrial automation tasks. The CVSS score of 8.7 reflects the high impact on system availability and the relative ease of exploitation for an attacker with network access.
Remediation
Immediate Action: Review the vendor security advisory at the provided reference link to determine if a patch or configuration workaround is available for your specific deployment.
Proactive Monitoring: Monitor device health metrics and network logs for anomalous behavior that suggests resource saturation or unexpected service degradation.
Compensating Controls: Implement strict network access control lists to limit communication with the I/O module to trusted controllers and engineering stations only.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Security teams must treat this vulnerability with high urgency due to the risk of remote, unauthenticated disruption. Consult the official Rockwell Automation security advisory SD1779 for the latest guidance on mitigation and available firmware updates.