Rockwell Automation 1756-EN4TR, 1756-EN4TRXT (Update B)

Monitor | CVSS 6.5 | ICS-CERT ICSA-25-226-31 | Aug 13, 2025
Rockwell Automation
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The 1756-EN4TR and 1756-EN4TRXT CompactLogix Ethernet modules contain input validation vulnerabilities that can be exploited by an attacker on the same local network to cause a denial of service condition. Successful exploitation results in the Ethernet module becoming unresponsive, disconnecting the PLC from the network. The vulnerability does not allow remote exploitation from the Internet.

What this means
What could happen
An attacker with network access to these Ethernet modules could disrupt communication, causing the CompactLogix PLC to lose connectivity and halt industrial processes. This results in production downtime for manufacturing, water treatment, or power systems.
Who's at risk
Water utilities, power generators, and manufacturing plants using Rockwell CompactLogix PLC systems with 1756-EN4TR or 1756-EN4TRXT Ethernet modules (versions 6.001 and earlier). Any facility that relies on these modules for real-time process communication should prioritize this update.
How it could be exploited
An attacker must be on the same local network segment as the Ethernet module. They send specially crafted network packets to trigger a denial of service condition that causes the module to become unresponsive, disconnecting the PLC from the network.
Prerequisites
  • Network access to the same local network segment (not remotely exploitable)
  • No authentication required
  • Module must be running firmware version 6.001 or earlier
Tags: no authentication required, denial of service impact, affects critical control communication
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (3)
2 with fix, 1 EOL

Product                 Affected Versions   Fix Status
1756-EN4TR, EN4TRXT     All versions        No fix (EOL)
1756-EN4TR: <=6.001     ≤ 6.001             7.001+
1756-EN4TRXT: <=6.001   ≤ 6.001             7.001+
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to these Ethernet modules to only authorized devices on your control system network
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade 1756-EN4TR and 1756-EN4TRXT modules to firmware version 7.001 or later
Mitigations - no patch available
1756-EN4TR, EN4TRXT has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate the control system network behind a firewall and restrict access from business networks