CVE-2026-10577
Rockwell Automation · 1715 EtherNet/IP Communications Module
The Rockwell Automation 1715 EtherNet/IP Communications Module contains an unauthenticated debug port, allowing remote attackers to execute intrusive CLI commands and manipulate device operations.
Executive summary
A critical vulnerability in the Rockwell Automation 1715 EtherNet/IP Communications Module allows unauthenticated remote attackers to gain full control over the device via an exposed debug port.
Vulnerability
This is a missing authentication for critical function vulnerability (CWE-306). An exposed network-accessible debug port fails to enforce privilege controls, permitting an unauthenticated remote attacker to issue CLI commands, modify memory, and alter I/O states.
Business impact
The ability to manipulate I/O states and stop tasks poses a severe risk to operational technology environments, potentially leading to physical process disruption or catastrophic equipment damage. Given the CVSS score of 10.0, this flaw represents the highest level of risk, threatening the confidentiality, integrity, and availability of critical infrastructure components.
Remediation
Immediate Action: Update the 1715 EtherNet/IP Communications Module firmware to version 3.011 or later as specified by the vendor.
Proactive Monitoring: Review network access logs for unauthorized connections to the module and monitor for unexpected changes in device configuration or I/O states.
Compensating Controls: Isolate the affected devices behind a firewall or within a segmented network to restrict access to the debug port from untrusted sources.
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability is critical and requires immediate attention to prevent unauthorized remote control of industrial hardware. Organizations should prioritize firmware updates for all affected 1715 modules and enforce strict network segmentation to mitigate the risk of remote exploitation.