Rockwell Automation 1715 EtherNet/IP Comms Module Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Rockwell Automation 1715 EtherNet/IP Communications Module, specifically in versions through 3.003. This vulnerability arises from a high volume of requests sent to the web server, potentially causing the server to crash. However, this issue does not affect I/O control or communication. To restore functionality and access the web page, a power cycle is required.

Impact

Exploitation of this vulnerability can lead to a web server crash, requiring a power cycle to recover and regain access to the web interface. In the case of CVE-2025-9178, the denial-of-service impact disrupts CIP communication with the 1715 EtherNet/IP Adapter, necessitating a restart to restore functionality.

Remediation

Users can upgrade to version 3.011 or later to address this vulnerability. For those unable to upgrade, Rockwell Automation recommends following their security best practices.