PT-2025-33275 · Rockwell Automation · Controllogix Ethernet Modules
Published
2025-08-14
·
Updated
2025-09-23
·
CVE-2025-7353
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
Rockwell Automation ControlLogix Ethernet Modules versions prior to 12.001
Description:
A security issue exists in Rockwell Automation ControlLogix Ethernet Modules due to the web-based debugger agent. Connecting to the WDB agent using a specific IP address can allow remote attackers to perform memory dumps, modify memory, and control execution flow. Approximately 1.8K services are exposed yearly.
Recommendations:
Update firmware to version 12.001.
Alternatively, disable the WDB agent.
Fix
RCE
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Controllogix Ethernet Modules