Rockwell Automation 1756-EN4TR, 1756-EN4TRXT (Update B)

Monitor6.5ICS-CERT ICSA-25-226-31Aug 14, 2025

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Rockwell Automation CompactLogix 1756-EN4TR and 1756-EN4TRXT Ethernet modules (firmware ≤6.001) contain input validation vulnerabilities (CWE-20, CWE-755) that can be exploited to cause a denial of service condition. These are Layer 2 / local network vulnerabilities, not remotely exploitable over the internet.

What this means

What could happen

An attacker with network access to the module could send malformed packets that cause the Ethernet interface to fail, interrupting communications between the PLC and your HMI, remote monitoring systems, or other network devices on the plant floor.

Who's at risk

This affects water utilities, electric cooperatives, and municipalities running Rockwell Automation CompactLogix PLCs with 1756-EN4TR or 1756-EN4TRXT Ethernet communication modules. Any system relying on these modules for SCADA/HMI connectivity, meter data collection, or remote monitoring is at risk of losing network communication if the module's interface is disrupted.

How it could be exploited

An attacker must be on the same local network segment as the 1756-EN4TR or 1756-EN4TRXT module. They would craft and send specially malformed network packets directly to the module to trigger improper input handling, causing the interface to stop responding.

Prerequisites

Layer 2 network access to the CompactLogix module (same switch/network segment)
No credentials or authentication required
Knowledge of malformed packet structure to trigger the vulnerability

Low complexity attackNo authentication requiredAffects network availability of control systemsRequires Layer 2 network access (not internet-facing, but affects internal plant networks)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

1756-EN4TR: <=6.001≤ 6.0017.001 or later

1756-EN4TRXT: <=6.001≤ 6.0017.001 or later

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade both 1756-EN4TR and 1756-EN4TRXT Ethernet modules to firmware version 7.001 or later. Download the update from Rockwell Automation's website and apply during a maintenance window.

Long-term hardening

0/3

HARDENINGIsolate CompactLogix systems from business networks using a firewall or air gap. Do not allow direct Layer 2 access from office/IT networks to plant floor control network segments.

HARDENINGIf remote access to CompactLogix is required, route all traffic through a VPN gateway and avoid exposing the module directly to the internet or untrusted networks.

HARDENINGReview and follow Rockwell Automation's published Security Best Practices for CompactLogix configuration and network deployment.

CVEs (2)

CVE-2025-8007 CVE-2025-8008

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c24fd88b-f390-4986-9780-8e10c37fbae7