OTPulse

Rockwell Automation 432ES-IG3 Series A

Plan PatchCVSS 7.5ICS-CERT ICSA-26-013-01Dec 9, 2025
Rockwell Automation
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

The 432ES-IG3 Series A gateway contains a resource exhaustion vulnerability (CWE-770) that can be triggered by sending specially crafted network packets. Successful exploitation results in a denial-of-service condition where the gateway stops responding to legitimate traffic. Version 1.001 of the firmware has been identified as vulnerable; Rockwell Automation has issued a fix in version 2.001.9 or later.

What this means
What could happen
An attacker could send malformed network traffic to the 432ES-IG3 gateway and cause it to stop responding (denial-of-service), interrupting communications between your Ethernet network and your industrial devices.
Who's at risk
Water and electric utilities with Rockwell Automation 432ES-IG3 Series A Ethernet-to-industrial protocol gateways, especially those managing communications between control network equipment and industrial devices.
How it could be exploited
An attacker on the network or with network access to the device could send specially crafted packets to the 432ES-IG3 gateway on its network interface. The gateway would process these packets incorrectly and stop responding to legitimate traffic, effectively disabling the gateway until it is manually restarted.
Prerequisites
  • Network access to the 432ES-IG3 gateway on its Ethernet port
  • No authentication required
remotely exploitableno authentication requiredlow complexityaffects network infrastructure between IT and OT
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2)
1 with fix1 EOL
ProductAffected VersionsFix Status
432ES-IG3 Series AAll versionsNo fix (EOL)
432ES-IG3 Series A: V1.001V1.0012.001.9
Remediation & Mitigation
0/3
Do now
0/2
HARDENINGRestrict network access to the 432ES-IG3 gateway to only authorized Ethernet ports and subnet ranges; use firewall rules or network segmentation to block untrusted traffic
HARDENINGMonitor the gateway for unexpected restarts or loss of connectivity that could indicate active exploitation
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

432ES-IG3 Series A
HOTFIXUpdate 432ES-IG3 Series A firmware to version 2.001.9 or later
View full CISA ICS-CERT advisory
API: /api/v1/advisories/e0360c87-ff7a-41b0-acfd-d4d0183b92c4

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Rockwell Automation 432ES-IG3 Series A | CVSS 7.5 - OTPulse