CISA flags critical bugs in Rockwell and ABB industrial gear

CISA has published a batch of advisories warning of serious security holes in industrial control equipment, including a maximum-severity flaw in a Rockwell Automation device that carries a rare perfect 10 out of 10 severity score. The advisories, released on July 14, cover gear used in energy, water and wastewater, and manufacturing plants around the world.

A perfect-score flaw in Rockwell hardware

The standout is CVE-2026-10577, affecting the Rockwell Automation 1715-AENTR EtherNet/IP Adapter, a module that connects industrial controllers to a plant network. According to CISA's advisory, the device exposes a network-reachable debug port that enforces no authentication, so a remote attacker with no credentials can send intrusive command-line instructions: read or delete files, stop running tasks, modify memory, and change the input and output states that drive physical equipment. Rockwell has released version 3.011 to fix it and urges operators to upgrade.

ABB systems also flagged

The same day, CISA published three advisories for ABB products. The most severe, rated 9.9, affects ABB T-MAC Plus (CVE-2025-14771 through CVE-2025-14774) and combines file disclosure, an authorization bypass, and cross-site scripting that together could let an attacker read sensitive files and take control. A separate flaw in ABB Ability Edgenius (CVE-2026-31431, a Linux kernel bug ABB calls Copy Fail) can hand a local user root privileges, and a DLL search-path issue in ABB Advant Master Online Builder (CVE-2025-13162) could allow unauthorised code execution. ABB has shipped fixed versions for each.

Why it matters

Operational technology like this runs the machinery behind power, water, and factories, where a successful intrusion can have physical consequences, not just data loss. A maximum-severity, no-authentication flaw on an internet-reachable adapter is exactly the kind of bug that state-linked and criminal groups probe for. It follows a similar wave of critical ICS advisories in June, and echoes real-world attacks such as the IRGC-linked CyberAv3ngers campaign against water and energy controllers.

What you should do

Apply the vendor updates from Rockwell and ABB as soon as testing allows. In the meantime, keep control systems off the public internet, place them behind firewalls and segmented networks, and restrict remote access to trusted operators through a VPN, following CISA's standing defensive guidance for industrial systems.

This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.

Detection coverage

Read the full analysis on IntelFusions