Rockwell 1756-EN4TR, EN4TRXT - Multiple Vulnerabilities
Monitor | 6.5 | SD1739 | Aug 13, 2025
Summary
The Rockwell Automation 1756-EN4TR and EN4TRXT Ethernet modules contain multiple vulnerabilities affecting all versions. No vendor fix is available. These vulnerabilities could allow unauthorized network access or communication interception on industrial control networks. Users should rely on network-layer controls and monitoring to mitigate risk.
What this means
What could happen
An attacker with network access to the Ethernet module could potentially intercept communications, cause denial of service, or bypass security controls, leading to disruption of industrial control operations or unauthorized access to PLC systems.
Who's at risk
Water utilities, electric utilities, and manufacturing facilities using Rockwell CompactLogix or ControlLogix PLCs with 1756-EN4TR or EN4TRXT Ethernet modules should be concerned. These modules provide network connectivity for PLC communication, making them critical to plant operations.
How it could be exploited
An attacker on the same network segment or with routable access to the module could send specially crafted network packets or exploit communication weaknesses to intercept traffic, disrupt EtherNet/IP communications to PLCs, or gain unauthorized access to control logic.
Prerequisites
- Network access to the 1756-EN4TR or EN4TRXT module on port 44818 (EtherNet/IP) or related communication ports
- Device must be powered and actively communicating on the network
remotely exploitable | no patch available | affects control system communications
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| 1756-EN4TR, EN4TRXT | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
WORKAROUND: Deploy a firewall or access control list (ACL) to restrict network access to the Ethernet module to only authorized engineering workstations and HMI systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Review and document all authorized users and systems that need direct access to the 1756-EN4TR/EN4TRXT modules
Mitigations - no patch available
1756-EN4TR, EN4TRXT has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation: isolate the PLC and Ethernet modules on a separate VLAN from corporate IT networks and untrusted devices
HARDENING: Monitor network traffic to the Ethernet module for unusual communication patterns or failed connection attempts
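The monitoring control above can be checked against flow records with a short script. This is an added example, not part of the original advisory or any vendor tooling; the module address, the allowlist of authorized workstations and HMIs, the flow-record format, the failure states and the threshold are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

# Assumed values for illustration; replace with your own asset inventory.
MODULES = {"10.10.20.5"}                      # 1756-EN4TR/EN4TRXT addresses
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.10.20.10/32", "10.10.20.11/32")]
FAILED_STATES = {"RESET", "TIMEOUT", "REJECTED"}
FAIL_THRESHOLD = 3                            # failures per source before alerting

# Constructed flow records: timestamp src dst dport state
SAMPLE_FLOWS = """\
2025-08-13T10:00:01 10.10.20.10 10.10.20.5 44818 ESTABLISHED
2025-08-13T10:00:04 10.10.20.11 10.10.20.5 44818 ESTABLISHED
2025-08-13T10:02:17 192.168.50.77 10.10.20.5 44818 ESTABLISHED
2025-08-13T10:03:00 10.10.20.11 10.10.20.5 44818 RESET
2025-08-13T10:03:02 10.10.20.11 10.10.20.5 44818 RESET
2025-08-13T10:03:05 10.10.20.11 10.10.20.5 44818 TIMEOUT
2025-08-13T10:04:00 192.168.50.77 10.10.20.9 443 ESTABLISHED
"""

def is_authorized(src):
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in AUTHORIZED)

def audit(flow_text):
    """Return alerts as (kind, source, detail) tuples, in log order."""
    alerts, seen, failures = [], set(), Counter()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                          # skip blank or malformed records
        _ts, src, dst, dport, state = fields
        if dst not in MODULES:
            continue                          # only traffic to the modules matters
        try:
            allowed, port = is_authorized(src), int(dport)
        except ValueError:
            continue                          # unparseable address or port
        # Any port counts: the advisory names 44818 "or related" ports.
        if not allowed and (src, port) not in seen:
            seen.add((src, port))
            alerts.append(("unauthorized_source", src, port))
        if state in FAILED_STATES:
            failures[src] += 1
            if failures[src] == FAIL_THRESHOLD:   # alert once per source
                alerts.append(("repeated_failures", src, FAIL_THRESHOLD))
    return alerts

if __name__ == "__main__":
    for alert in audit(SAMPLE_FLOWS):
        print(alert)
```

The same allowlist should drive the firewall or ACL rule, so that an "unauthorized_source" alert indicates a gap in that rule rather than expected traffic.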
CVEs (2)