Rockwell Automation 1783-NATR

Plan Patch | CVSS 10 | ICS-CERT ICSA-25-294-01 | Oct 14, 2025
Rockwell Automation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Rockwell Automation 1783-NATR network appliance and Comms module contain multiple vulnerabilities allowing remote attackers to cause denial of service, modify data, or obtain sensitive information. The 1783-NATR is vulnerable in firmware versions 1.006 and earlier. The Comms product (all versions) has no fix available from the vendor. Successful exploitation does not require authentication and can be carried out from the network without user interaction.

What this means
What could happen
An attacker could cause the 1783-NATR network appliance to deny service, modify data in transit, or steal sensitive information that flows through it. This directly threatens the confidentiality and availability of communications between your control systems and engineering workstations.
Who's at risk
This affects organizations using Rockwell Automation 1783-NATR network appliances in industrial control system environments. The device is typically used for communication between PLCs, remote I/O modules, and engineering workstations. Any facility relying on this appliance for critical control system connectivity—including water utilities, power plants, and manufacturing facilities—should prioritize remediation.
How it could be exploited
An attacker on the network can send malicious requests to the 1783-NATR without authentication, exploiting the lack of input validation or access controls. The network appliance would process these requests and either crash (denial of service), allow data modification, or leak sensitive information to the attacker.
Prerequisites
  • Network access to the 1783-NATR device
  • No authentication required
Tags: remotely exploitable, no authentication required, low complexity, affects network communication between control devices, Comms product has no fix available
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2)
1 with fix, 1 pending

| Product | Affected Versions | Fix Status |
|---|---|---|
| Comms | All versions | No fix yet |
| 1783-NATR | ≤ 1.006 | 1.007+ |
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the 1783-NATR: place it behind a firewall and block inbound traffic from untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade 1783-NATR devices to firmware version 1.007 or later
HARDENING: Implement network monitoring to detect suspicious traffic destined for the 1783-NATR
Long-term hardening
HARDENING: Isolate the network segment containing the 1783-NATR from your business network using a demilitarized zone (DMZ) or network segmentation
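
To turn the affected-products table and remediation steps above into an action list, the following added example (not part of the original advisory or any vendor tooling) triages an asset inventory against the advisory's version boundaries. The CSV layout, asset names and status strings are assumptions made for illustration; the sample inventory is constructed.

```python
import csv
import io

# From the advisory: 1783-NATR firmware <= 1.006 is affected, 1.007+ is fixed;
# Comms is affected in all versions and has no fix yet.
NATR_LAST_AFFECTED = (1, 6)

# Constructed sample inventory (hypothetical asset names and column layout).
SAMPLE_INVENTORY = """asset,product,firmware
nat-line1,1783-NATR,1.006
nat-line2,1783-NATR,1.007
nat-line3,1783-NATR,1.004
nat-line4,1783-NATR,unknown
comms-a,Comms,2.1
other-1,OTHER-DEVICE,3.2
"""

def parse_version(text):
    """Return 'major.minor' firmware as a tuple of ints, or None if unparseable."""
    parts = text.strip().split(".")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(row):
    """Map one inventory row to the remediation action the advisory calls for."""
    product = row["product"].strip()
    if product == "Comms":
        return "affected-no-fix: restrict network access"
    if product != "1783-NATR":
        return "not-in-advisory"
    version = parse_version(row["firmware"])
    if version is None:
        # Fail safe: an unreadable version is never reported as fixed.
        return "verify-manually: firmware version unreadable"
    if version <= NATR_LAST_AFFECTED:
        return "affected: upgrade to 1.007 or later"
    return "fixed"

def triage_inventory(csv_text):
    """Return {asset: status} for every row of the inventory CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["asset"]: triage(row) for row in reader}

if __name__ == "__main__":
    for asset, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{asset:10} {status}")
```
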
API: /api/v1/advisories/676d4f41-0111-4b68-b62e-84bcd4628fa6
