Vulnerability intelligence
CVE-2026-0647
An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication being required. If exploited, this could lead to unauthorized access, account takeover, and loss of the device’s embedded web server’s availability.
CVSS Score
8.8
High
EPSS — Exploit Probability
0.4%
Riskier than 31% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
1 article across 1 outlet · first covered Jun 19, 2026 · latest Jun 19, 2026
Tracked incidents
Coverage timeline
-
Rockwell Automation patches multiple ICS flawssecurityonline.info · Jun 19, 2026