CVE-2025-9177 - Vulnerability Details - OpenCVE

A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communication . A power cycle is required to recover and utilize the webpage.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1757.html

History

Tue, 14 Oct 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 14 Oct 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communication . A power cycle is required to recover and utilize the webpage.
Title		Rockwell Automation 1715 EtherNet/IP Comms Module Denial-Of-Service Vulnerability
Weaknesses		CWE-770
References		https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1757.html
Metrics		cvssV4_0 `{'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2025-10-14T12:48:52.124Z

Updated: 2025-10-14T13:36:19.778Z

Reserved: 2025-08-19T14:42:40.813Z

Link: CVE-2025-9177

Vulnrichment

Updated: 2025-10-14T13:36:17.399Z

NVD

Status : Awaiting Analysis

Published: 2025-10-14T13:15:40.393

Modified: 2025-10-14T19:36:29.240

Link: CVE-2025-9177

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9177", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2025-08-19T14:42:40.813Z", "datePublished": "2025-10-14T12:48:52.124Z", "dateUpdated": "2025-10-14T13:36:19.778Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "1715-AENTR EtherNet/IP Adapter", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "Version 3.003 and prior"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><tbody><tr><td><p>A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communication<u> </u>. A power cycle is required to recover and utilize the webpage<u>.</u></p></td></tr><tr><td></td></tr></tbody></table><br>"}], "value": "A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communication\u00a0. A power cycle is required to recover and utilize the webpage."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2025-10-14T12:51:29.204Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1757.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to \n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112&mode=3&refSoft=1&versions=64471\">Version 3.011 and later<div></div></a>"}], "value": "Upgrade to\u00a0\n\n Version 3.011 and later\n\n https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx"}], "source": {"advisory": "SD1757", "discovery": "INTERNAL"}, "title": "Rockwell Automation 1715 EtherNet/IP Comms Module Denial-Of-Service Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T13:36:13.254823Z", "id": "CVE-2025-9177", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T13:36:19.778Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9177", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-14T13:36:13.254823Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T13:36:17.399Z"}}], "cna": {"title": "Rockwell Automation 1715 EtherNet/IP Comms Module Denial-Of-Service Vulnerability", "source": {"advisory": "SD1757", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "1715-AENTR EtherNet/IP Adapter", "versions": [{"status": "affected", "version": "Version 3.003 and prior"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to\u00a0\n\n Version 3.011 and later\n\n https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx", "supportingMedia": [{"type": "text/html", "value": "Upgrade to \n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112&mode=3&refSoft=1&versions=64471\">Version 3.011 and later<div></div></a>", "base64": false}]}], "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1757.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communication\u00a0. A power cycle is required to recover and utilize the webpage.", "supportingMedia": [{"type": "text/html", "value": "<table><tbody><tr><td><p>A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communication<u> </u>. A power cycle is required to recover and utilize the webpage<u>.</u></p></td></tr><tr><td></td></tr></tbody></table><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2025-10-14T12:51:29.204Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9177", "state": "PUBLISHED", "dateUpdated": "2025-10-14T13:36:19.778Z", "dateReserved": "2025-08-19T14:42:40.813Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2025-10-14T12:48:52.124Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communication\u00a0. A power cycle is required to recover and utilize the webpage."}], "id": "CVE-2025-9177", "lastModified": "2025-10-14T19:36:29.240", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2025-10-14T13:15:40.393", "references": [{"source": "PSIRT@rockwellautomation.com", "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1757.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}