Rockwell 1715 EtherNet/IP Comms Module Denial-Of-Service Vulnerabilities

Monitor7.5SD1757Oct 14, 2025

Summary

The Rockwell 1715 EtherNet/IP communications module contains denial-of-service vulnerabilities that allow an attacker to crash the module by sending specially crafted network packets. When the 1715 becomes unresponsive, it severs EtherNet/IP communication between the main controller and connected I/O devices, disrupting real-time control operations. All versions of the 1715 EtherNet/IP Comms module are vulnerable. Rockwell Automation has not announced plans for a firmware patch at this time.

What this means

What could happen

An attacker could send specially crafted network packets to crash the 1715 EtherNet/IP module, causing it to stop communicating with the controller and interrupting real-time control operations on connected machinery or process equipment.

Who's at risk

Facilities using Rockwell 1715 EtherNet/IP comms modules for real-time machinery control, including water treatment plants (pump and valve control), wastewater systems, electric utility substations (RTU communications), and manufacturing automation environments. Any system relying on the 1715 module for controller-to-device communication is at risk of operational interruption.

How it could be exploited

An attacker with network access to the 1715 module's EtherNet/IP port (typically port 2222 or 44818) sends a malformed packet that triggers a denial-of-service condition. No authentication is required. The module becomes unresponsive until manually rebooted, severing communication between the controller and any connected I/O devices.

Prerequisites

Network access to port 2222 or 44818 on the 1715 EtherNet/IP module
The module must be accessible from an attacker's network position (on-site or via compromised internal network)
No credentials or special configuration required

Remotely exploitableNo authentication requiredLow complexity attackNo patch currently availableAffects operational control systems

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

1715 EtherNet/IP CommsAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGImplement network segmentation to restrict EtherNet/IP traffic to the 1715 module. Use industrial firewall rules to allow only authorized controller and engineering workstation IP addresses to communicate with the module.

WORKAROUNDDisable or physically isolate the 1715 EtherNet/IP module if it is not actively in use in your configuration.

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGDeploy network monitoring and intrusion detection tuned to recognize malformed EtherNet/IP packets directed at the 1715 module, and alert on suspicious patterns.

HOTFIXMonitor Rockwell Automation security advisories for a firmware patch. When available, plan a controlled maintenance window to update the 1715 module firmware.

CVEs (2)

CVE-2025-9177 CVE-2025-9178

View full Rockwell Automation advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/efce3963-aaeb-48ad-b65f-e17d5ac31654