OTPulse

Rockwell Automation 1783-NATR

Act Now | CVSS 10 | ICS-CERT ICSA-25-294-01 | Oct 21, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The 1783-NATR Ethernet gateway contains multiple vulnerabilities in input validation and cross-site request forgery protection that allow unauthenticated remote attackers to cause a denial of service, modify device configuration or data, or access sensitive information. The vulnerabilities affect firmware version 1.006 and earlier; Rockwell Automation has fixed them in firmware version 1.007 or later. No active public exploitation has been reported, but the high CVSS score and lack of authentication requirements make this a critical issue for any deployment exposed to untrusted networks.

What this means
What could happen
An attacker with network access to the 1783-NATR could stop the device from working, modify data or configurations, or read sensitive information from the network module.
Who's at risk
Water utilities, electric utilities, and other process manufacturers that rely on Rockwell Automation CompactLogix and ControlLogix PLCs with 1783-NATR Ethernet gateways for remote monitoring or site-to-site communication. Any facility using this module for process control network connectivity is affected.
How it could be exploited
An attacker on the network sends a specially crafted request to the unpatched 1783-NATR. The device processes the request without proper validation (missing authentication checks and input filtering), allowing the attacker to execute their chosen action against the module and connected PLC network.
Prerequisites
  • Network access to the 1783-NATR device
  • Device running firmware version 1.006 or earlier
  • No authentication required
Remotely exploitable · No authentication required · Low attack complexity · High CVSS score (10.0) · Network-accessible device
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
1783-NATR | ≤ 1.006 | 1.007 or later
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the 1783-NATR using firewall rules; ensure it is not reachable from untrusted networks or the Internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade 1783-NATR firmware to version 1.007 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate the PLC and gateway devices from business networks
HARDENING: If remote access is required, use a VPN with current security patches and restrict VPN endpoints
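
One way to turn the affected-version table and the remediation order above into an inventory check, as an added example that is not part of the advisory or any Rockwell Automation tooling. The CSV layout, asset names and zone names are constructed assumptions; only the catalog number and the 1.006/1.007 boundary come from this page.

```python
import csv, io, re

FIXED = (1, 7)  # first fixed firmware per the advisory: 1.007

# Constructed sample inventory (hypothetical export format and column names).
SAMPLE_INVENTORY = """asset,catalog,firmware,zone
NATR-PUMP-01,1783-NATR,1.006,control
NATR-WTP-02,1783-NATR,V1.007,control
NATR-SUB-03,1783-NATR,1.004,dmz
NATR-LAB-04,1783-NATR,unknown,control
EXAMPLE-SWITCH-01,EXAMPLE-SWITCH,8.001,control
"""

def parse_fw(text):
    """Return (major, minor) from strings like '1.006' or 'V1.007', else None.
    Assumes a major.minor revision string; the minor is compared numerically."""
    m = re.fullmatch(r"[Vv]?\s*(\d+)\.(\d+)", text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory_csv, untrusted_zones=("dmz", "business", "internet")):
    """Classify each 1783-NATR row; other catalog numbers are skipped."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["catalog"].strip().upper() != "1783-NATR":
            continue
        fw = parse_fw(row["firmware"])
        if fw is None:
            status = "verify-firmware"  # unknown version is not cleared
        elif fw < FIXED:
            status = "affected"         # 1.006 and earlier
        else:
            status = "fixed"            # 1.007 or later
        exposed = row["zone"].strip().lower() in untrusted_zones
        # P1: affected and in an untrusted zone, so restrict access first.
        # P2: affected or unverified. P3: already on fixed firmware.
        if status == "affected" and exposed:
            priority = 1
        elif status != "fixed":
            priority = 2
        else:
            priority = 3
        findings.append((priority, row["asset"], row["firmware"], status))
    return sorted(findings)

if __name__ == "__main__":
    for priority, asset, fw, status in triage(SAMPLE_INVENTORY):
        print(f"P{priority} {asset:14} fw={fw:8} {status}")
```

Devices whose firmware string cannot be parsed are reported for manual verification rather than treated as fixed.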