CVE-2026-0647

HIGH EPSS 34.8%

Published Jun 16, 20261w ago · Modified Jun 17, 20261w ago

8.8 CVSS 4.0

High

Published Jun 16, 2026 1w ago

Last Modified Jun 17, 2026 1w ago

Description

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication being required. If exploited, this could lead to unauthorized access, account takeover, and loss of the device’s embedded web server’s availability.

CVSS Details

Base Score

8.8

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

34.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-306 Missing Authentication for Critical Function Authentication

References 1

rockwellautomation.com https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1775.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.