OTPulse
FeedAboutContact

Rockwell Automation ControlLogix

Monitor7.5ICS-CERT ICSA-26-029-03Jan 29, 2026
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A vulnerability in the Rockwell Automation ControlLogix 1756-RM2 and 1756-RM2XT Redundancy Enhanced Modules allows an attacker to cause a denial-of-service condition by sending crafted network packets. The vulnerability affects all versions of both modules. Successful exploitation disables the redundancy module, preventing failover capability.

What this means
What could happen
An attacker with network access to the ControlLogix redundancy module could cause it to stop functioning, disrupting failover and redundancy capabilities in critical control systems. This could force operations to run on a single module without backup.
Who's at risk
Water utilities and electric utilities using Rockwell Automation ControlLogix systems with 1756-RM2 or 1756-RM2XT redundancy modules. This affects any facility relying on redundant PLC failover for high-availability critical control processes.
How it could be exploited
An attacker sends specially crafted network traffic to the redundancy module on the ControlLogix network. The module fails to properly handle the malformed data and stops responding, triggering a denial-of-service condition that disables redundancy failover.
Prerequisites
  • Network access to the ControlLogix Redundancy Enhanced Module (1756-RM2 or 1756-RM2XT) on the control network
  • No authentication required
Remotely exploitableNo authentication requiredLow complexity attackNo patch available for affected versionsAffects redundancy/safety-critical systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
ControlLogix Redundancy Enhanced Module Catalog 1756-RM2 Firmware: vers:all/*All versionsNo fix (EOL)
ControlLogix Redundancy Enhanced Module Catalog 1756-RM2XT Firmware: vers:all/*All versionsNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDImplement firewall rules or network access controls to restrict traffic to the redundancy module to only authorized engineering and control systems
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade from 1756-RM2 or 1756-RM2XT to the fixed 1756-RM3 module
Mitigations - no patch available
0/1
The following products have reached End of Life with no planned fix: ControlLogix Redundancy Enhanced Module Catalog 1756-RM2 Firmware: vers:all/*, ControlLogix Redundancy Enhanced Module Catalog 1756-RM2XT Firmware: vers:all/*. Apply the following compensating controls:
HARDENINGApply security best practices including network segmentation to limit access to the redundancy module from untrusted networks
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/1b8c7b1e-2158-49b6-aca2-e44881f05623