Vulnerabilites related to Rockwell Automation - 1715-AENTR EtherNet/IP Adapter
CVE-2025-9178 (GCVE-0-2025-9178)
Vulnerability from cvelistv5
Published
2025-10-14 12:51
Modified
2025-10-14 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A denial-of-service security issue exists in the affected product and version. The security issue is caused through CIP communication using crafted payloads. The security issue could result in no CIP communication with 1715 EtherNet/IP Adapter.A restart is required to recover.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | 1715-AENTR EtherNet/IP Adapter |
Version: Version 3.003 and prior |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T13:32:28.322813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T13:33:43.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "1715-AENTR EtherNet/IP Adapter",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 3.003 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eA denial-of-service security issue exists in the affected product and version. The security issue is caused through CIP communication using crafted payloads. The security issue could result in no CIP communication with 1715 EtherNet/IP Adapter.A restart is required to recover. \u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e"
}
],
"value": "A denial-of-service security issue exists in the affected product and version. The security issue is caused through CIP communication using crafted payloads. The security issue could result in no CIP communication with 1715 EtherNet/IP Adapter.A restart is required to recover."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T12:51:36.797Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1757.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to \n\n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112\u0026amp;mode=3\u0026amp;refSoft=1\u0026amp;versions=64471\"\u003eVersion 3.011 and later\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Upgrade to \n\n Version 3.011 and later https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx"
}
],
"source": {
"advisory": "SD1757",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation 1715 EtherNet/IP Comms Module Denial-Of-Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-9178",
"datePublished": "2025-10-14T12:51:36.797Z",
"dateReserved": "2025-08-19T15:16:36.795Z",
"dateUpdated": "2025-10-14T13:33:43.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9177 (GCVE-0-2025-9177)
Vulnerability from cvelistv5
Published
2025-10-14 12:48
Modified
2025-10-14 13:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communication . A power cycle is required to recover and utilize the webpage.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | 1715-AENTR EtherNet/IP Adapter |
Version: Version 3.003 and prior |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T13:36:13.254823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T13:36:19.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "1715-AENTR EtherNet/IP Adapter",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 3.003 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eA denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communication\u003cu\u003e\u0026nbsp;\u003c/u\u003e. A power cycle is required to recover and utilize the webpage\u003cu\u003e.\u003c/u\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e"
}
],
"value": "A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communication\u00a0. A power cycle is required to recover and utilize the webpage."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T12:51:29.204Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1757.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to\u0026nbsp;\n\n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112\u0026amp;mode=3\u0026amp;refSoft=1\u0026amp;versions=64471\"\u003eVersion 3.011 and later\u003cdiv\u003e\u003c/div\u003e\u003c/a\u003e"
}
],
"value": "Upgrade to\u00a0\n\n Version 3.011 and later\n\n https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx"
}
],
"source": {
"advisory": "SD1757",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation 1715 EtherNet/IP Comms Module Denial-Of-Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-9177",
"datePublished": "2025-10-14T12:48:52.124Z",
"dateReserved": "2025-08-19T14:42:40.813Z",
"dateUpdated": "2025-10-14T13:36:19.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}