CVE-2026-0646
Published: 16 June 2026
Summary
CVE-2026-0646 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in Rockwellautomation (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 26.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-37121
Vulnerability details
A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct memory-handling flaw in exposed CIP service enables remote endpoint DoS via crafted requests (CWE-401 resource exhaustion).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.