CVE-2026-0646
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability. The following versions of R...
Affects 0 products across 1 vendor.
Software does not release allocated memory after use, causing progressive consumption until failure.
Rockwell Automation FLEX I/O EtherNet/IP Adapters (1794-AENTR and 1794-AENTRXT) running firmware V2.012 contain a memory management vulnerability (missing release of memory) that can be exploited remotely to achieve unauthorized access, account takeover, and denial of service. With a CVSS score of 9.4, this is a critical severity issue directly impacting industrial I/O adapter infrastructure used in manufacturing and process control environments. Successful exploitation could disrupt physical I/O operations, cause loss of availability of field devices, or allow an attacker to take control of the adapter and manipulate connected field instrumentation.
Is this CVE in your environment?
BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.
Check My Environment →What is CVE-2026-0646?
Is CVE-2026-0646 actively exploited?
How do I remediate CVE-2026-0646?
What systems are affected by CVE-2026-0646?
| CVE ID | CVE-2026-0646 |
|---|---|
| Published | 2026-06-16 |
| Last Modified | 2026-06-16 |
| ICS Relevance | 55% |
| Weakness (CWE) | |
| Protocols | |
| Source | NVD |
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability. The following versions of Rockwell Automation FLEX I/O EtherNet/IP Adapters are affected: 1794-AENTR V2.012 (CVE-2026-0646, CVE-2026-0647) 1794-AENTRXT V2.012 (CVE-2026-0646, CVE-2026-0647) CVSS Vendor Equipment Vulnerabilities v3 9.4 Rockwell Automation Rockwell Automation FLEX I/O EtherNet/IP Adapters Missing Release of Memory
Source: NIST NVD / MITRE CVE Database
| Vendor | Product | Fixed Version |
|---|---|---|
| Rockwell Automation | — | — |
No patched firmware version has been publicly confirmed at this time. Monitor Rockwell Automation's official security advisory portal for firmware updates addressing memory release vulnerabilities in 1794-AENTR and 1794-AENTRXT V2.012.
View Vendor Advisory →| CISA KEV | Not in KEV catalog |
|---|---|
| Public Exploit | Not confirmed |
| PoC Code | Not confirmed |
Deploy IDS/IPS sensors on the OT network segment at the industrial DMZ boundary. Block all inbound EtherNet/IP traffic (TCP port 44818 and UDP port 2222) to 1794-AENTR and 1794-AENTRXT adapters from any source other than explicitly whitelisted engineering workstations and PLCs. Additionally, rate-limit CIP connection requests to these adapters to detect and suppress resource exhaustion attempts indicative of memory leak exploitation.
No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.
Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.
ICS/OT Vulnerability Intelligence for Your Environment
BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.
Join free →