OTPulse
FeedAboutContact

Rockwell Automation 1783-NATR

Plan Patch7.3ICS-CERT ICSA-25-252-09Sep 9, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

The 1783-NATR network module contains a memory corruption vulnerability (CWE-1103) that allows an attacker with network access to send a specially crafted packet and corrupt memory on the device without authentication. This could result in unpredictable behavior or service disruption in control systems. Rockwell Automation has released firmware version 1.007 to address this issue. Affected versions are those below 1.007.

What this means
What could happen
An attacker could corrupt memory in the 1783-NATR module, potentially causing unpredictable device behavior, data loss, or service interruption in industrial control networks.
Who's at risk
Water authorities, electric utilities, and other critical infrastructure operators using Rockwell Automation 1783-NATR network modules for industrial control systems and real-time communications between PLCs and distributed I/O devices should prioritize this issue.
How it could be exploited
An attacker with network access to the device can send a specially crafted packet to trigger the memory corruption vulnerability without requiring authentication or user interaction.
Prerequisites
  • Network access to the 1783-NATR device
  • No authentication required
remotely exploitableno authentication requiredlow complexitymemory corruption can affect device stability
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
1783-NATR: <1.007<1.0071.007
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDFor devices unable to upgrade immediately, apply firewall rules to restrict network access to the 1783-NATR module to only trusted engineering and control network segments
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade 1783-NATR firmware to version 1.007 or later
Long-term hardening
0/2
HARDENINGIsolate the 1783-NATR and associated control system networks from direct internet access and business networks
HARDENINGSegment the industrial control system network to prevent lateral movement if the device is compromised
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/5f033590-63fc-4d1b-a7ca-24a7e93439da
Rockwell Automation 1783-NATR | CVSS 7.3 - OTPulse