Rockwell ControlLogix® Ethernet Remote Code Execution Vulnerability
Plan Patch9.8SD1732Aug 14, 2025
Summary
Rockwell ControlLogix Ethernet Remote controllers contain a vulnerability in Ethernet packet processing that allows remote code execution. An attacker can send a crafted packet to the PLC to execute arbitrary code without authentication. Affected: All versions of ControlLogix Ethernet Remote. No firmware update is available from the vendor.
What this means
What could happen
An attacker with network access to a ControlLogix PLC could execute arbitrary code on the controller, potentially altering process setpoints, stopping critical operations, or causing equipment damage.
Who's at risk
Water treatment plants, electric utilities, and other critical infrastructure operators using Rockwell ControlLogix Ethernet-enabled PLCs should be concerned. This affects any facility relying on ControlLogix for process automation, emergency shutdown, or safety interlocks.
How it could be exploited
An attacker sends a specially crafted Ethernet packet to the ControlLogix controller's Ethernet port (typically port 2222 or 44818). The controller processes the malformed packet without proper validation, allowing the attacker to inject and execute arbitrary code on the PLC.
Prerequisites
- Network access to the ControlLogix Ethernet port (port 2222 or 44818)
- ControlLogix controller must be reachable from attacker's network
- No authentication credentials required
Remotely exploitableNo authentication requiredNo patch availableHigh CVSS score (9.8)Affects safety-critical systems
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
ProductAffected VersionsFix Status
ControlLogix Ethernet RemoteAll versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/1WORKAROUNDRestrict network access to ControlLogix Ethernet ports (2222, 44818) using firewall rules; allow only known engineering workstations and HMI systems
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXContact Rockwell Automation to inquire about future firmware updates or mitigations as they become available
Mitigations - no patch available
0/2ControlLogix Ethernet Remote has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGSegment the control network from corporate IT networks and untrusted zones using industrial firewalls or air-gapped networks
HARDENINGMonitor network traffic to the PLC for anomalies; log and alert on unexpected connection attempts to Ethernet ports
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/634b1105-6aa4-43c2-81c6-d5445d4b5572