ICSA-25-226-28
·
Published 2025-08-14
·
View on CISA ICS-CERT ↗
Rockwell Automation ControlLogix Ethernet Modules
CVSS 9.8
CRITICAL
Risk Summary
Successful exploitation of this vulnerability could allow remote attackers to perform memory dumps, modify memory, and control execution flow.
CVEs (1)
Remediations
- Rockwell Automation recommends that ControlLogix Ethernet Module users update to Version 12.001 if possible. If users are not able to upgrade to Version 12.001, security best practices should be applied.
Affected Vendors
Rockwell Automation
Affected Products (5)
Rockwell Automation
·
1756-EN2T/D
<=11.004
Rockwell Automation
·
1756-EN2F/C
<=11.004
Rockwell Automation
·
1756-EN2TR/C
<=11.004
Rockwell Automation
·
1756-EN3TR/B
<=11.004
Rockwell Automation
·
1756-EN2TP/A
<=11.004
Affected Sectors
Chemical, Energy, Critical Manufacturing, Food and Agriculture, Transportation Systems, Water and Wastewater Systems
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more