Rockwell Automation 1715 EtherNet/IP Comms Module

MonitorCVSS 7.5ICS-CERT ICSA-25-287-01Oct 14, 2025

Rockwell Automation

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The 1715 EtherNet/IP Comms Module contains buffer overflow and improper resource handling vulnerabilities (CWE-770, CWE-787) in its web server. Successful exploitation causes the web server process to crash, requiring a manual restart to restore connectivity. The module cannot be accessed via the web interface while the server is down, impacting device configuration and monitoring until recovery.

What this means

What could happen

An attacker could crash the web server on the 1715 EtherNet/IP Comms Module, forcing a restart and briefly disrupting communication with the device. This denial-of-service could delay monitoring or reconfiguration of connected industrial equipment.

Who's at risk

Water utilities, electric utilities, and discrete manufacturing facilities using Rockwell Automation 1715 EtherNet/IP Comms Modules to manage communications on industrial networks. This includes systems that rely on the module for remote monitoring, configuration, or diagnostics of industrial devices.

How it could be exploited

An attacker with network access to the module's web server (port 80/443) could send a specially crafted HTTP request that triggers a memory or bounds-checking vulnerability, causing the web server process to crash and become unreachable.

Prerequisites

Network access to the 1715 EtherNet/IP Comms Module on its web service ports (typically 80/443)
No authentication required to trigger the vulnerability

remotely exploitableno authentication requiredlow complexityhigh CVSS score (7.5)no patch available for versions 3.003 and earlier

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

1 pending1 EOL

ProductAffected VersionsFix Status

1715 EtherNet/IP CommsAll versionsNo fix (EOL)

1715 EtherNet/IP: <=3.003≤ 3.003No fix yet

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to the module's web service ports (80, 443) using firewall rules; allow only authorized engineering workstations or administrative systems

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

1715 EtherNet/IP Comms

HOTFIXUpgrade 1715 EtherNet/IP Comms Module firmware to version 3.011 or later

Mitigations - no patch available

0/2

1715 EtherNet/IP Comms has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate the 1715 EtherNet/IP Comms Module on a separate control network segment and prevent direct internet or untrusted business network access

HARDENINGIf remote access to the module is required, use VPN or secure out-of-band management channels instead of exposing the web service directly

CVEs (2)

CVE-2025-9177 CVE-2025-9178

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/307dc952-23d3-42da-8679-764f07609578

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.