CVE-2026-0647

Vulnerability Description

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication being required. If exploited, this could lead to unauthorized access, account takeover, and loss of the device’s embedded web server’s availability.

Vulnerability Details

Published Date

June 16, 2026

Last Modified

June 16, 2026

CWE ID

CWE-306

Source

NVD

External References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1775.html

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment