Rockwell Automation 1715 EtherNet/IP Comms Module

Monitor7.5ICS-CERT ICSA-25-287-01Oct 14, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A buffer overflow and improper input validation vulnerability in the 1715 EtherNet/IP Comms Module web server allows an unauthenticated attacker with network access to send a malicious request that crashes the web server, forcing a restart. The module is vulnerable in versions 3.003 and earlier. CWEs: CWE-770 (allocation of resources without limits), CWE-787 (out-of-bounds write).

What this means

What could happen

An attacker could crash the web server on the 1715 EtherNet/IP module, forcing a restart and temporarily disrupting communications with any Rockwell Automation controllers or devices that rely on this module for network connectivity.

Who's at risk

Organizations using Rockwell Automation 1715 EtherNet/IP communication modules should be concerned. This module is commonly deployed in manufacturing, water and wastewater treatment, electric utilities, and other process automation environments where it provides network connectivity between PLCs and other control devices. Any shutdown of this module will disrupt communications and may cause process interruptions if there is no redundant communication path.

How it could be exploited

An attacker with network access to the 1715 module's web interface could send a specially crafted request (related to buffer overflow or resource exhaustion) that causes the web server process to crash. The module would then be offline until manually restarted.

Prerequisites

Network access to the 1715 EtherNet/IP module web interface (port 80 or 443)
No authentication required to trigger the vulnerability

Remotely exploitableNo authentication requiredLow complexityNetwork-exposed communication deviceDenial of service impact

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

1715 EtherNet/IP: <=3.003≤ 3.003No fix yet

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDIf upgrade is not possible, restrict network access to the 1715 module using firewall rules to only allow connections from trusted engineering workstations and control system networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade 1715 EtherNet/IP module firmware to version 3.011 or later

Long-term hardening

0/2

HARDENINGIsolate the 1715 module and all connected controllers on a separate network segment, not reachable from the business network or internet

HARDENINGImplement network monitoring to detect unexpected connections to the 1715 module web interface

CVEs (2)

CVE-2025-9177 CVE-2025-9178

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/307dc952-23d3-42da-8679-764f07609578