CVE-2025-7353 (CVSS 9.8): Rockwell Automation Issues Urgent Warning for ControlLogix Modules
Ddos 
Rockwell Automation has issued a critical security advisory regarding a remote code execution (RCE) vulnerability affecting its ControlLogix Ethernet communication modules widely used in industrial control systems. Tracked as CVE-2025-7353, the flaw carries a CVSS score of 9.8.
According to the advisory:
βA security issue exists due to the web-based debugger agent enabled on released devices. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow.β
This means that attackers exploiting the flaw could gain near-complete control over affected devices, posing significant risks to critical infrastructure sectors where Rockwellβs ControlLogix modules are widely deployed.
The vulnerability impacts several versions of Rockwellβs 1756 ControlLogix Ethernet modules. Specifically, the following product families and firmware versions are affected:
- 1756-EN2T/D β Version 11.004 or below
- 1756-EN2F/C β Version 11.004 or below
- 1756-EN2TR/C β Version 11.004 or below
- 1756-EN3TR/B β Version 11.004 or below
- 1756-EN2TP/A β Version 11.004 or below
ControlLogix modules play a pivotal role in programmable logic controllers (PLCs) that power essential operations in energy, manufacturing, water treatment, and transportation sectors. An RCE vulnerability in such components could enable attackers to disrupt industrial processes, exfiltrate sensitive data, or even cause physical damage.
With a CVSS 9.8 score, this flaw is among the most serious types of vulnerabilities for operational technology (OT) environments. Exploitation could grant adversaries deep persistence within critical networks, underscoring the urgent need for patching and strong cyber hygiene.
Rockwell has confirmed that the issue is resolved in firmware version 12.001.
Rockwell Automation strongly urges customers to upgrade affected devices to the corrected software version where possible. For organizations unable to immediately apply the update, the advisory emphasizes applying security best practices as compensating controls.
βUsers should update to the corrected version if possible. If users using the affected software are not able to upgrade the version, security best practices should be applied.β
Recommended practices include limiting network exposure of industrial devices, isolating critical control systems from business networks and the internet, and using firewalls and VPNs to restrict remote connections.
Related Posts:
- Critical Vulnerabilities Found in Rockwell Automation FactoryTalk ThinManager
- High-Severity Flaws in Rockwell Arena Simulation Expose Industrial Systems to Memory Abuse
- 9.8 CVSS Score: Rockwell Automation Impacted by High-Severity log4net Vulnerability
- Rockwell Automation Claims Cisco IOS Vulnerability Affects Its Industrial Switch
- CVE-2025-7972: Rockwell Automation Patches Critical Security Bypass in FactoryTalk Linx
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
