Iranian state-affiliated threat actors are actively targeting Rockwell Automation and Allen-Bradley PLCs exposed directly to the internet in US critical infrastructure, including power grid and water/wastewater systems, as documented in CISA advisory AA26-097A. No specific CVEs have been confirmed; the attack methodology exploits missing authentication controls and weak or default credentials (CWE-306, CWE-1188) rather than a patched software vulnerability, making this a configuration and network exposure issue rather than a patchable CVE. Approximately 4,000 US-exposed industrial devices in this class were identified by Censys research; organizations operating OT environments with internet-facing Rockwell equipment must immediately remove or firewall those devices, rotate all PLC and HMI credentials, and consult CISA AA26-097A and Rockwell Automation security advisories for vendor-confirmed affected configurations.