A critical vulnerability in Rockwell Automation’s ControlLogix Ethernet modules has been discovered that could allow remote attackers to execute malicious code on industrial control systems.
The vulnerability, identified as CVE-2025-7353, affects multiple ControlLogix communication modules and carries a severe CVSS score of 9.8 out of 10, indicating the highest level of risk to affected systems.
Vulnerability Overview
Rockwell Automation disclosed the security flaw on August 14, 2025, after discovering it during internal routine testing.
The vulnerability stems from a web-based debugger agent that remains enabled on released devices, creating an unintended attack vector for malicious actors.
When attackers connect to the vulnerable web debugger using a specific IP address, they can gain unauthorized access to perform memory dumps, modify system memory, and control the execution flow of critical industrial processes.
The affected systems include several ControlLogix Ethernet communication modules that serve as critical components in industrial automation environments.
These modules facilitate communication between programmable logic controllers and other networked devices in manufacturing and process control systems.
Affected Systems and Impact
| Product Model | CVE ID | Affected Versions | Fixed Version |
| 1756-EN2T/D | CVE-2025-7353 | 11.004 and below | 12.001 |
| 1756-EN2F/C | CVE-2025-7353 | 11.004 and below | 12.001 |
| 1756-EN2TR/C | CVE-2025-7353 | 11.004 and below | 12.001 |
| 1756-EN3TR/B | CVE-2025-7353 | 11.004 and below | 12.001 |
| 1756-EN2TP/A | CVE-2025-7353 | 11.004 and below | 12.001 |
The vulnerability is classified under CWE-1188: Initialization of a Resource with an Insecure Default, indicating that the web debugger functionality was improperly configured in production environments.
The CVSS vector string reveals that the vulnerability can be exploited remotely over a network connection without requiring authentication or user interaction, making it particularly dangerous for internet-connected industrial systems.
Rockwell Automation has released firmware version 12.001 to address the vulnerability across all affected ControlLogix modules.
The company emphasized that the discovery occurred through their internal security testing procedures, demonstrating their commitment to proactive vulnerability identification and customer transparency.
Currently, no workarounds are available for the vulnerability, making immediate patching the primary defense strategy.
Organizations operating affected systems should prioritize updating to the corrected firmware version to eliminate the security risk.
The vulnerability has not yet been added to the Known Exploited Vulnerabilities database, suggesting that active exploitation in the wild has not been confirmed.
However, given the critical nature of the flaw and the potential for remote code execution, security experts recommend treating this as a high-priority patching effort for all affected industrial control systems.
AWS Security Services: 10-Point Executive Checklist - Download for Free
Source link
