CVE-2026-0647
Awaiting Analysis - Queue
Improper Authentication in 1794-AENTR Adapter Web Server

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Rockwell Automation

Description
An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication being required. If exploited, this could lead to unauthorized access, account takeover, and loss of the device's embedded web server's availability.
Meta Information
Published: 2026-06-16
Last Modified: 2026-06-16
Generated: 2026-06-16
AI Q&A: 2026-06-16
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
rockwell_automation 1794-aentr *
rockwell_automation flex_i/o_dual-port_ethernet/ip_adapters 2.012
rockwell_automation flex_i/o_dual-port_ethernet/ip_adapters 2.013
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Executive Summary

This vulnerability is an improper authentication issue in the embedded web server of the 1794-AENTR adapter. It allows an attacker who is not authenticated to change the device's web interface password by sending a specially crafted HTTP GET request to a specific endpoint. This action does not require any prior authentication.

Impact Analysis

If exploited, this vulnerability can lead to unauthorized access to the device, takeover of user accounts, and loss of availability of the device's embedded web server.

Mitigation Strategies

To mitigate the vulnerability in the 1794-AENTR adapter's embedded web server that allows unauthenticated password changes, immediate steps should include restricting network access to the device's web interface to trusted users only.

Additionally, monitor for any unauthorized HTTP GET requests targeting the device's web interface endpoints.

Since no direct mitigation commands or detection methods are provided, the best course of action is to apply any available firmware updates or patches from the vendor once released.
