CVE-2026-10577
Received Received - Intake

Unauthenticated Remote CLI Access in 1715-AENTR EtherNet/IP Adapter

Vulnerability report for CVE-2026-10577, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Rockwell Automation

Description

A security issue exists within the 1715-AENTR EtherNet/IP Adapter. The affected product exposes a network-accessible debug port that does not enforce proper privilege controls, allowing unauthenticated remote access to intrusive command-line interface (CLI) commands. If exploited, a threat actor could read or delete files, stop tasks, modify memory, and change I/O states, potentially impacting the confidentiality, integrity, and availability of the device.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
rockwell_automation 1715-aentr_ethernet_ip_adapter to 3.011 (exc)
rockwell_automation 1715-aentr_ethernet_ip_adapter 3.011
rockwell_automation 1715_ethernet_ip_communications_module *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability could impact compliance with several common standards and regulations, depending on the context in which the affected device is used:

  • GDPR (General Data Protection Regulation): If the device processes or stores personal data, unauthorized access or data breaches resulting from this vulnerability could lead to non-compliance with GDPR. GDPR requires organizations to implement appropriate security measures to protect personal data, and failure to do so could result in significant fines.
  • HIPAA (Health Insurance Portability and Accountability Act): If the device is used in a healthcare environment and handles protected health information (PHI), exploitation of this vulnerability could lead to unauthorized access to PHI. This would violate HIPAA’s security and privacy rules, potentially resulting in penalties.
  • Industrial standards (e.g., IEC 62443, NIST SP 800-82): The vulnerability could lead to non-compliance with industrial cybersecurity standards that require proper authentication and access controls for critical infrastructure. Failure to address such vulnerabilities may result in audit failures or loss of certification.

Organizations using the affected device should assess their compliance obligations and take steps to mitigate the vulnerability to avoid potential regulatory violations.

Executive Summary

CVE-2026-10577 is a critical security vulnerability affecting the Rockwell Automation 1715-AENTR EtherNet/IP Adapter with firmware versions 3.003 and prior. The vulnerability involves an exposed network-accessible debug port that lacks proper authentication controls.

This debug port allows unauthenticated remote access to intrusive command-line interface (CLI) commands. If exploited, a threat actor could perform actions such as reading or deleting files, stopping tasks, modifying memory, and changing I/O states on the affected device.

The vulnerability impacts the confidentiality, integrity, and availability of the device, as unauthorized users could gain control over critical functions.

Impact Analysis

If you are using the affected Rockwell Automation 1715-AENTR EtherNet/IP Adapter, this vulnerability could have several impacts:

  • Unauthorized access: An attacker could remotely access the device without needing authentication, gaining control over its operations.
  • Data breaches: The attacker could read or delete sensitive files stored on the device, leading to loss of confidentiality.
  • Operational disruption: The attacker could stop tasks, modify memory, or alter I/O states, potentially causing downtime or unsafe conditions in industrial processes.
  • Integrity and availability risks: Modifying device configurations or memory could compromise the integrity of the system, while stopping tasks or altering I/O states could disrupt availability.

Since the affected product is used in high-availability industrial automation applications, exploitation could lead to significant operational and safety risks.

Detection Guidance

To detect the vulnerability on your network or system, you can check for the presence of the exposed debug port on the Rockwell Automation 1715-AENTR EtherNet/IP Adapter. The debug port is network-accessible and does not enforce proper privilege controls.

  • Use network scanning tools like Nmap to identify open ports on the device. The debug port may be non-standard, so scan all ports if unsure.
  • Example Nmap command to scan for open ports: nmap -p- <device_ip_address>
  • Check the firmware version of the 1715-AENTR EtherNet/IP Adapter. Versions 3.003 and prior are affected. You can verify the firmware version through the device's management interface or CLI if accessible.
  • Monitor network traffic for unexpected connections to the device, particularly on non-standard ports, which may indicate exploitation attempts.
Mitigation Strategies

Immediate steps to mitigate this vulnerability include the following actions:

  • Upgrade the firmware of the 1715-AENTR EtherNet/IP Adapter to version 3.011 or later, as this version addresses the vulnerability. Firmware updates can be obtained from Rockwell Automation's official support channels.
  • If upgrading is not immediately possible, restrict network access to the device by implementing firewall rules or network segmentation to block access to the debug port from unauthorized sources.
  • Disable or close the exposed debug port if it is not required for legitimate operations. This can be done through the device's configuration settings.
  • Follow Rockwell Automation's security best practices, such as disabling unused services, enforcing strong access controls, and monitoring for suspicious activity on the network.
  • Monitor the device for signs of exploitation, such as unexpected file changes, task interruptions, or unauthorized I/O state modifications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10577. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart