Executive Summary

CVE-2025-9178 is a denial-of-service (DoS) vulnerability affecting the Rockwell Automation 1715 EtherNet/IP Adapter. It is caused by crafted payloads sent through CIP (Common Industrial Protocol) communication, which can result in loss of CIP communication with the adapter. To recover from this issue, a device restart is required. The vulnerability is classified under CWE-787 (Out-of-bounds Write) and affects versions prior to 3.011 of the adapter's software. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause a denial-of-service condition by disrupting CIP communication with the 1715 EtherNet/IP Adapter. This disruption means that the adapter will stop communicating over CIP until it is restarted, potentially causing downtime or loss of communication in industrial control systems relying on this device. Recovery requires a device restart, and no workaround is available other than upgrading to a fixed software version. [1]

Useful 0 Not Useful 0

Detection Guidance

The vulnerability can be detected by monitoring for loss of CIP communication with the 1715 EtherNet/IP Adapter caused by crafted CIP payloads. Specific detection commands are not provided in the available resources. Monitoring network traffic for unusual or crafted CIP payloads targeting the adapter may help identify exploitation attempts. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include upgrading the 1715 EtherNet/IP Adapter software to version 3.011 or later, where the vulnerability is corrected. No workarounds are available. If upgrading is not immediately possible, follow Rockwell Automation's security best practices and consider contacting Rockwell Automation TechConnect for support. A device restart is required to recover from an attack. [1]

Useful 0 Not Useful 0