Rockwell Automation ControlLogix

MonitorCVSS 7.5ICS-CERT ICSA-26-029-03Jan 20, 2026

Rockwell Automation

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial-of-service vulnerability exists in ControlLogix Redundancy Enhanced Module Catalog 1756-RM2 and 1756-RM2XT firmware across all versions. The vulnerability allows an attacker to cause a denial-of-service condition.

What this means

What could happen

An attacker could remotely trigger a denial-of-service condition on the redundancy module, causing the ControlLogix system to lose redundancy capability and potentially interrupt failover protection for critical processes.

Who's at risk

Water and electric utilities, as well as other critical infrastructure operators using Rockwell Automation ControlLogix systems with 1756-RM2 or 1756-RM2XT redundancy modules should care about this advisory. Any facility relying on redundant ControlLogix processors for fault tolerance is affected.

How it could be exploited

An attacker with network access to the redundancy module could send malformed or specially crafted packets to trigger the denial-of-service condition. This would require network connectivity to the module on the control network.

Prerequisites

Network access to the 1756-RM2 or 1756-RM2XT module
No authentication required
Module must be accessible from attacker's network

remotely exploitableno authentication requiredaffects redundancy systemsno patch available for RM2/RM2XT

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (3)

1 pending2 EOL

ProductAffected VersionsFix Status

IMPORTANT NOTICE: RockwellAll versionsNo fix yet

ControlLogix Redundancy Enhanced Module Catalog 1756-RM2 Firmware: vers:all/*All versionsNo fix (EOL)

ControlLogix Redundancy Enhanced Module Catalog 1756-RM2XT Firmware: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict network access to the redundancy module using firewall rules to allow only authorized engineering and control network traffic

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade from 1756-RM2 to 1756-RM3 module

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: ControlLogix Redundancy Enhanced Module Catalog 1756-RM2 Firmware: vers:all/*, ControlLogix Redundancy Enhanced Module Catalog 1756-RM2XT Firmware: vers:all/*. Apply the following compensating controls:

HARDENINGImplement network segmentation to isolate ControlLogix systems from untrusted networks

CVEs (1)

CVE-2025-14027

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1b8c7b1e-2158-49b6-aca2-e44881f05623

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.