CVE-2026-10577
PUBLISHED
Published: 14 Jul 2026, 12:52
Last modified:14 Jul 2026, 13:19
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
10 CRITICAL
v4.0 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 Jul 2026, 12:52
Published
Vulnerability first disclosed
14 Jul 2026, 13:19
Last Modified
Vulnerability information updated
Description
A security issue exists within the 1715-AENTR EtherNet/IP Adapter. The affected product exposes a network-accessible debug port that does not enforce proper privilege controls, allowing unauthenticated remote access to intrusive command-line interface (CLI) commands. If exploited, a threat actor could read or delete files, stop tasks, modify memory, and change I/O states, potentially impacting the confidentiality, integrity, and availability of the device.
CVSS Metrics
- v4.0•CRITICAL•Score: 10CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Techniques & Countermeasures
- CWE-306•Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Affected Systems
- rockwell auotmation•1715 ethernet/ip communications module
3.003 and prior