CVE-2026-0647 Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication...

CVE-2026-0647

The 1794-AENTR adapter (Rockwell Automation FLEX I/O dual‑port EtherNet/IP) has an improper authentication flaw in its embedded web server. An unauthenticated attacker can change the device web interface password by sending a crafted HTTP GET request to a specific endpoint, without prior authenti...

CVE-2026-0646 Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities

A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover...

CVE-2026-0646

The affected product is Rockwell Automation 1794-AENTR adapters (EtherNet/IP). The issue is a denial-of-service caused by improper memory handling of CIP protocol requests in the 1794-AENTR adapter, which can cause the device to fault and drop connections to its linked I/O modules, requiring a ma...

CVE-2025-14272 Rockwell Automation FactoryTalk Analytics PavilionX

A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions...

CVE-2025-13036 Rockwell Automation FactoryTalk Historian Site Edition - Authentication Bypass

An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token...

CVE-2026-9307

The CVE-2026-9307 issue affects CompactLogix 5370 controllers where the web server exposes CIP Connection IDs on the diagnostics page to unauthenticated users, enabling an attacker to craft malicious packets and cause Denial-of-Service. The available documents do not specify affected firmware ver...

CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

CVE-2025-11694

The CVE-2025-11694 issue affects 1769 CompactLogix controllers (CIP protocol). The root cause is missing validation of sequence numbers and source IP addresses, enabling an attacker to abuse exposed Connection IDs visible on the web interface to trigger denial-of-service conditions resulting in a...

CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

CVE-2026-11317 Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP

A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault MNRF. A program download is required to...

CVE-2026-11317

CVE-2026-11317 affects Rockwell Automation Logix 5370 and 5570 controllers. The issue is a denial-of-service fault triggered by a crafted CIP message, with memory-constrained devices more likely to be affected. Consequences described are a major nonrecoverable fault (MNRF) requiring a program dow...

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-affiliated cyber actors are targeting internet-facing operational technology OT devices across critical infrastructures in the U.S., including programmable logic controllers PLCs, cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to diminished PLC functionality,...

CVE-2020-25180

creationtimestamp| type| source ---|---|--- 2026-03-10 04:00:00+00:00| seen| https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html...

CVE-2020-25178

creationtimestamp| type| source ---|---|--- 2026-03-10 04:00:00+00:00| seen| https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html...

CVE-2025-13823

creationtimestamp| type| source ---|---|--- 2026-03-10 04:00:00+00:00| seen| https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html...

CVE-2020-25176

creationtimestamp| type| source ---|---|--- 2026-03-10 04:00:00+00:00| seen| https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html...

CVE-2025-13824

creationtimestamp| type| source ---|---|--- 2026-03-10 04:00:00+00:00| seen| https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html...

Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed bel...

Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10850)

Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which stems from the device being unresponsive during fuzzing tests using Defensics, and can be exploited by an attacker...