Rockwell Automation 1783-NATR

Plan PatchCVSS 7.3ICS-CERT ICSA-25-252-09Sep 9, 2025

Rockwell Automation

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A memory corruption vulnerability exists in the Rockwell Automation 1783-NATR Ethernet switch. Successful exploitation could allow an attacker with network access to cause memory corruption on the device. Firmware versions prior to 1.007 are affected. The 1783-NATR Memory Size variant across all versions is not eligible for a patch per Rockwell Automation. Rockwell Automation has released version 1.007 to address this issue in the primary product line.

What this means

What could happen

An attacker could trigger a memory corruption condition on the 1783-NATR Ethernet switch, potentially degrading network connectivity for connected control devices or causing the device to become unstable or unresponsive.

Who's at risk

This vulnerability affects the Rockwell Automation 1783-NATR Ethernet switch, which is commonly deployed in manufacturing plants, water treatment facilities, and power distribution systems as a managed network component in industrial control system networks. Facilities using this switch for control system connectivity should prioritize remediation.

How it could be exploited

An attacker with network access to the 1783-NATR device could send specially crafted network packets to trigger the memory corruption vulnerability. No authentication is required to exploit this flaw.

Prerequisites

Network access to the 1783-NATR device (typically on the control system network)
No authentication required

remotely exploitableno authentication requiredlow complexitymemory corruption affects device stability

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (2)

1 with fix1 EOL

ProductAffected VersionsFix Status

1783-NATR: <1.007<1.0071.007

1783-NATR Memory SizeAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to 1783-NATR Ethernet switch using a network firewall or access control list to allow only trusted engineering and operations workstations

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate 1783-NATR firmware to version 1.007 or later

HARDENINGImplement network monitoring to detect unusual traffic patterns targeting the 1783-NATR device

Mitigations - no patch available

0/1

1783-NATR Memory Size has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate the control system network containing the 1783-NATR device from the business network using a firewall or network segmentation

CVEs (1)

CVE-2020-28895

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5f033590-63fc-4d1b-a7ca-24a7e93439da

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.