Description

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint. If exploited, this could lead to unauthorized access, account takeover, and loss of availability of the device's embedded web server.

PUBLISHED Reserved 2026-01-06 | Published 2026-06-16 | Updated 2026-06-16 | Assigner Rockwell




HIGH: 8.8 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status: unaffected

2.012 (custom): affected

References

www.rockwellautomation.com/...dvisories/advisory.SD1775.html

cve.org (CVE-2026-0647)

nvd.nist.gov (CVE-2026-0647)
