Rockwell 1783-NATR Memory Size Calculation Underflow Vulnerability
Monitor · 7.3 · SD1744 · Sep 9, 2025
Summary
The 1783-NATR industrial Ethernet switch contains a memory size calculation underflow vulnerability in its packet handling logic. When the device processes a specially crafted network packet, the underflow condition can cause the device to crash or become unstable, disrupting network communication for connected industrial control devices.
What this means
What could happen
An attacker with network access to the 1783-NATR device could trigger a memory underflow condition that crashes the device, disrupting network communication and any industrial processes dependent on this network infrastructure component.
Who's at risk
Water utilities and municipal electric systems using Rockwell 1783-NATR industrial Ethernet switches in their control networks. This device is critical to communication between PLCs, RTUs, and SCADA servers, so any loss of function directly impacts process monitoring and control capability.
How it could be exploited
An attacker sends a specially crafted network packet to the 1783-NATR device that exploits improper memory size calculation in the device's packet handling logic. The underflow condition causes the device to crash or enter an unstable state, severing network connectivity for connected industrial control systems.
Prerequisites
- Network access to the 1783-NATR device on its communication port
- No authentication required to send malicious packets
remotely exploitable · no authentication required · no patch available · affects network infrastructure (switch device)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| 1783-NATR Memory Size | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Isolate the 1783-NATR device to a protected network segment using firewall rules and access control lists; restrict inbound network traffic to only authorized engineering workstations and control systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Implement network monitoring to detect and alert on abnormal traffic patterns or repeated connection attempts to the 1783-NATR device
Long-term hardening
- HOTFIX: Monitor for vendor security updates from Rockwell Automation; contact Rockwell support to determine if a future firmware patch is planned
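
One way to implement the monitoring step above, as an added example rather than code from the advisory or from Rockwell Automation: it reads flow records and flags sources outside the authorized set as well as repeated connection attempts to the device. The device address, allowlist, thresholds and log format are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions, not values from the advisory: addresses, thresholds, log format.
DEVICE_IP = "192.0.2.10"                         # placeholder for the 1783-NATR
ALLOWED_SOURCES = {"192.0.2.21", "192.0.2.22"}   # authorized workstation / control system
WINDOW = timedelta(seconds=60)
MAX_ATTEMPTS = 3                                 # attempts per source inside WINDOW

# Constructed flow records: "<ISO timestamp> <source> <destination>"
SAMPLE_LOG = """\
2025-09-09T10:00:00 192.0.2.21 192.0.2.10
2025-09-09T10:00:05 198.51.100.7 192.0.2.10
2025-09-09T10:00:06 198.51.100.7 192.0.2.99
2025-09-09T10:01:00 192.0.2.22 192.0.2.10
2025-09-09T10:01:05 192.0.2.22 192.0.2.10
2025-09-09T10:01:10 192.0.2.22 192.0.2.10
2025-09-09T10:01:15 192.0.2.22 192.0.2.10
truncated-record
2025-09-09T10:05:00 192.0.2.21 192.0.2.10
"""

def detect(log_text):
    """Return (alert_kind, detail) tuples, one per source and kind."""
    alerts, seen = [], set()
    recent = defaultdict(list)   # source -> attempt timestamps still inside WINDOW
    def raise_alert(kind, detail):
        if (kind, detail) not in seen:
            seen.add((kind, detail))
            alerts.append((kind, detail))
    for line in filter(str.strip, log_text.splitlines()):
        try:
            ts_text, src, dst = line.split()
            ts = datetime.fromisoformat(ts_text)
        except ValueError:
            raise_alert("malformed_record", line.strip())
            continue
        if dst != DEVICE_IP:
            continue                      # traffic to other hosts is out of scope
        if src not in ALLOWED_SOURCES:
            raise_alert("unauthorized_source", src)
        recent[src] = [t for t in recent[src] if ts - t <= WINDOW] + [ts]
        if len(recent[src]) > MAX_ATTEMPTS:
            raise_alert("repeated_attempts", src)
    return alerts

if __name__ == "__main__":
    for kind, detail in detect(SAMPLE_LOG):
        print(f"ALERT {kind}: {detail}")
```

The burst check applies to authorized sources too, so a misbehaving or compromised engineering workstation is still reported.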
CVEs (1)
API:
/api/v1/advisories/d2bb65ea-5141-4abf-bb5d-609779d55082