CVE-2026-9140

Rockwell Automation · 1718-AENTR/1719-AENTR

A resource exhaustion vulnerability in the Rockwell Automation 1718-AENTR and 1719-AENTR modules allows unauthenticated, remote attackers to cause a denial-of-service.

Executive summary

A high-severity resource exhaustion vulnerability in Rockwell Automation 1718-AENTR and 1719-AENTR modules presents a risk of remote denial-of-service.

Vulnerability

This issue stems from improper resource allocation (CWE-770), where the device fails to throttle resource usage, allowing an unauthenticated attacker to remotely overwhelm the system and cause a denial-of-service.

Business impact

Exploitation of this vulnerability could result in the loss of control or monitoring capabilities for automated systems. The CVSS score of 8.7 highlights the severity of the risk to operational continuity, as the attack vector is network-based and requires no authentication.

Remediation

Immediate Action: Consult the official vendor security advisory for the 1718-AENTR and 1719-AENTR modules to identify the necessary firmware update or configuration change.

Proactive Monitoring: Implement monitoring for network traffic anomalies and device resource utilization spikes that could indicate an attempt to overwhelm the module.

Compensating Controls: Apply network-level filtering to ensure that only authorized traffic can reach the affected modules, effectively reducing the attack surface.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Administrators should take immediate steps to isolate these modules from public or untrusted networks while awaiting or applying official vendor remediation. Refer to advisory SD1778 for specific instructions provided by Rockwell Automation to address this resource exhaustion flaw.