Rockwell Automation FLEX I/O EtherNet/IP Adapters version 2.012 are affected by two vulnerabilities. CVE-2026-0647 allows unauthenticated account takeover via the embedded web server, while CVE-2026-0646 enables a denial-of-service condition through malformed CIP protocol requests.