Rockwell ControlLogix Ethernet Vulnerability Threatens Industrial Systems

Critical Security Flaw Identified

Rockwell Automation discovered a major flaw in its ControlLogix Ethernet modules.
The issue, tracked as CVE-2025-7353, scored 9.8 on the CVSS scale.
Attackers can exploit this flaw to run remote code on industrial devices.
The company published the advisory on August 14, 2025.

Root Cause of the Issue

The problem comes from a default debugger agent left enabled.
This web-based debugger (WDB) was meant only for development tasks.
However, attackers can access it over a network using specific IP addresses.
No authentication or user interaction is required to exploit the flaw.

Affected Devices

The vulnerability impacts several ControlLogix Ethernet communication modules.
These include models 1756-EN2T/D, 1756-EN2F/C, 1756-EN2TR/C, 1756-EN3TR/B, and 1756-EN2TP/A.
All devices running firmware version 11.004 or earlier remain exposed.
These modules connect ControlLogix PACs with Ethernet networks in factories.

Potential Consequences

Attackers can gain deep system access through the debugger agent.
They can dump memory, change data, and redirect execution flow.
This means they can disrupt manufacturing or steal sensitive operational data.
Such access directly threatens process integrity, safety, and uptime.

Mitigation and Updates

Rockwell released firmware version 12.001 to fix the flaw.
This update disables the insecure WDB agent by default.
The company urges all operators to upgrade immediately.
For delayed updates, Rockwell recommends network segmentation and strict firewall rules.
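
To triage an asset inventory against the model list and firmware bounds given above, a check like the following can be used. It is an added example, not Rockwell's code or tooling; the CSV column names, host names and sample rows are constructed, and catalog strings are assumed to carry the series suffix in the form the article uses.

```python
import csv
import io

# Models and firmware bounds as stated in the article above.
AFFECTED_MODELS = {"1756-EN2T/D", "1756-EN2F/C", "1756-EN2TR/C",
                   "1756-EN3TR/B", "1756-EN2TP/A"}
LAST_AFFECTED = (11, 4)   # firmware 11.004 or earlier is exposed
FIRST_FIXED = (12, 1)     # firmware 12.001 disables the WDB agent by default

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,catalog,firmware
line1-enet,1756-EN2T/D,11.002
line2-enet,1756-en2tr/c,12.001
pack-enet,1756-EN2F/C,11.004
mix-enet,1756-EN3TR/B,
dry-enet,1756-EN2TP/A,11.005
other-dev,OTHER-MODULE/A,8.001
"""

def parse_firmware(text):
    """Turn 'major.minor' (e.g. '11.004') into (11, 4); None if unparseable."""
    parts = text.strip().split(".")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        return None
    return int(parts[0]), int(parts[1])

def classify(catalog, firmware):
    """Return 'affected', 'fixed', 'verify' or 'not_listed' for one module."""
    if catalog.strip().upper() not in AFFECTED_MODELS:
        return "not_listed"
    version = parse_firmware(firmware)
    if version is None:
        return "verify"          # listed model, firmware not recorded
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "verify"              # between 11.004 and 12.001: article is silent

def audit(inventory_csv):
    """Map each host in the CSV text to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["catalog"], row["firmware"]) for row in reader}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Modules reported as `verify` are listed models whose firmware is missing from the inventory or falls between the two versions the article names, so they need a manual check against the vendor advisory.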

Next Steps for Operators

Security teams should isolate vulnerable modules from corporate networks.
They should monitor traffic for suspicious connections and unusual activity.
Additionally, organizations must run regular security audits on industrial infrastructure.
Proactive defense helps prevent similar risks across automation systems.
