Loading

ControlLogix® Ethernet Remote Code Execution Vulnerability

Severity:
Critical
Advisory ID:
SD1732
公開日:
August 14, 2025
最終更新日:
August 14, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
いいえ
Corrected:
はい
Workaround:
いいえ
CVE IDs
CVE-2025-7353
ダウンロード
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
概要

Published Date: 8/14/2025 

Last Updated: 8/14/2025 
Revision Number: 1.0 
CVSS Score: 9.8/10 

The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improve their business or production environments. 

AFFECTED PRODUCTS AND SOLUTION

Affected Product 

CVE 

Affected Software Versions 

Corrected in Software Version 

1756-EN2T/D

CVE-2025-7353 

Version 11.004 or below 

12.001 

1756-EN2F/C

CVE-2025-7353 

Version 11.004 or below 

12.001 

1756-EN2TR/C

CVE-2025-7353 

Version 11.004 or below 

12.001 

1756-EN3TR/B

CVE-2025-7353 

Version 11.004 or below 

12.001 

1756-EN2TP/A

CVE-2025-7353 

Version 11.004 or below 

12.001 

 

VULNERABILITY DETAILS

Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities. 

CVE-2025-7353 IMPACT

A security issue exists due to the web-based debugger agent enabled on released devices. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow.  

CVSS 3.1 Base Score: 9.8 
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0 Base Score: 9.3 
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE: CWE-1188: Initialization of a Resource with an Insecure Default 
Known Exploited Vulnerability (KEV) database: No 

Mitigations and Workarounds 
Users should update to the corrected version if possible. If users using the affected software are not able to upgrade the version, security best practices should be applied. 

·         Security Best Practices

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left ロックウェル・オートメーションのホーム Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust & Security Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
を続行するには、クッキーの設定を更新してください.
この機能には、お客様の利便性を向上させるためにクッキーが必要です。これらのクッキーを許可するように設定を更新してください:
  • ソーシャルメディア・クッキー
  • 機能性クッキー
  • パフォーマンスクッキー
  • マーケティングクッキー
  • 全てのクッキー
いつでも設定を更新することができます。詳しくは{0}をご覧ください プライバシーポリシー
CloseClose