RSLinx Classic Third-Party Vulnerability

Monitor | CVSS 7.5 | ICS-CERT ICSA-26-167-02 | Jun 16, 2026
Rockwell Automation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

RSLinx Classic versions 4.50.00 and earlier contain a vulnerability that causes denial of service. Successful exploitation leaves the application unresponsive, and it does not recover automatically. The vulnerability requires no authentication and can be triggered remotely.

What this means
What could happen
An attacker can crash RSLinx Classic, making it unresponsive and preventing operators from monitoring or controlling connected devices until the application is manually restarted.
Who's at risk
Operators and engineers using Rockwell Automation's RSLinx Classic software for monitoring and controlling Allen-Bradley PLCs, drives, and other devices in manufacturing, water treatment, electric utility, and other industrial environments should apply this update.
How it could be exploited
An attacker with network access to RSLinx Classic sends a specially crafted request to the application. The vulnerability causes the application to crash and become unresponsive, requiring manual restart to restore functionality.
Prerequisites
  • Network access to RSLinx Classic
  • No authentication required
  • RSLinx Classic version 4.50.00 or earlier
remotely exploitable | no authentication required | low complexity | affects process visibility and control
Exploitability
Some exploitation risk — EPSS score 3.4%
Affected products (1)
Product | Affected Versions | Fix Status
RSLinx Classic | ≤ 4.50.00 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to RSLinx Classic to only authorized engineering and operator workstations using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade RSLinx Classic to version 4.60.00 or later
HOTFIX: If unable to upgrade immediately, apply patch BF31213 to your current RSLinx Classic version
Long-term hardening
HARDENING: Implement network segmentation to isolate RSLinx Classic and connected devices on a separate OT network from untrusted networks
API: /api/v1/advisories/6d6d128f-942b-4492-beef-6ce039837859
