Rockwell ControlLogix Ethernet Vulnerability Allows Remote Code Execution by Attackers
A critical security vulnerability has been identified in Rockwell Automation’s ControlLogix Ethernet communication modules, which could enable remote attackers to execute arbitrary code on industrial control systems. The vulnerability, tracked as CVE-2025-7353, affects several ControlLogix Ethernet modules and has been assigned a CVSS score of 9.8, which falls in the critical range and indicates severe security risks for industrial automation environments. The flaw arises from an insecure default configuration: the web-based debugger (WDB) agent remains enabled on production devices. This debugging interface is intended solely for development purposes and becomes a significant attack vector when left active in operational settings. Unauthenticated remote attackers can exploit the vulnerability by connecting to specific IP addresses to access the WDB agent functionality, allowing them to perform memory dumps, modify system memory, and control the execution flow of the affected devices.
Rockwell Automation published a security advisory on August 14, 2025, following the discovery of this flaw during internal testing. The vulnerability impacts multiple ControlLogix Ethernet communication modules, including models 1756-EN2T/D, 1756-EN2F/C, 1756-EN2TR/C, 1756-EN3TR/B, and 1756-EN2TP/A, all running firmware version 11.004 or below. Successful exploitation of this vulnerability could enable attackers to manipulate industrial processes, access sensitive operational data, or disrupt manufacturing operations. The CVSS 3.1 vector string indicates that the vulnerability can be exploited over the network with low complexity, requiring no privileges or user interaction, and poses a high impact across confidentiality, integrity, and availability. Immediate updates are recommended, and implementing network segmentation is advised if patching cannot be performed promptly.
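To triage an asset inventory against the affected models and the 11.004 firmware threshold listed above, the following Python is an added example, not code from Rockwell Automation or its advisory. The CSV layout, asset names and status labels are assumptions, and the comparison assumes firmware revisions are written as major.minor.

```python
import csv
import io
import re

# Catalog number -> series letter, exactly as listed in the article.
AFFECTED = {"1756-EN2T": "D", "1756-EN2F": "C", "1756-EN2TR": "C",
            "1756-EN3TR": "B", "1756-EN2TP": "A"}
MAX_AFFECTED_FW = (11, 4)  # "11.004 or below"

# Constructed sample inventory: asset names, rows and revisions are made up.
SAMPLE_INVENTORY = """\
asset,catalog,firmware
line1-enet,1756-EN2T/D,11.004
line2-enet,1756-en2tr/c,v10.010
line3-enet,1756-EN3TR Series B,13.001
line4-enet,1756-EN2T,11.002
line5-cpu,1756-L85E/B,33.011
line6-enet,1756-EN2F/C,unknown
"""

def parse_firmware(text):
    """'11.004' or 'v11.4' -> (11, 4); None if no major.minor revision is found."""
    m = re.match(r"\s*[vV]?(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def split_catalog(text):
    """'1756-en2t/d' or '1756-EN2T Series D' -> ('1756-EN2T', 'D'); series may be None."""
    m = re.match(r"\s*(1756-[A-Z0-9]+)\s*(?:/|\s+SERIES\s+)\s*([A-Z])\s*$", text.upper())
    return (m.group(1), m.group(2)) if m else (text.strip().upper(), None)

def classify(catalog, firmware):
    """'affected', 'not-listed' (not in the article's list) or 'review' (data incomplete)."""
    model, series = split_catalog(catalog)
    if model not in AFFECTED or series not in (None, AFFECTED[model]):
        return "not-listed"
    fw = parse_firmware(firmware)
    if series is None or fw is None:
        return "review"  # series or revision missing: check the module itself
    return "affected" if fw <= MAX_AFFECTED_FW else "not-listed"

def triage(csv_text):
    """Map each asset in a CSV inventory (asset,catalog,firmware) to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["asset"]: classify(r["catalog"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset:12} {status}")
```

Rows marked `review` lack a series letter or a readable firmware revision and need to be confirmed on the module before they are ruled out.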