Rockwell RSLinx Classic Third-Party Vulnerability CVE-2020-13573
Monitor · CVSS 7.5 · SD1774 · Jun 16, 2026
Rockwell Automation
Summary
CVE-2020-13573 is a third-party vulnerability affecting Rockwell Automation RSLinx Classic. The vulnerability allows an attacker with network access to execute arbitrary code on the engineering workstation. RSLinx Classic is widely used for configuration, monitoring, and maintenance of Rockwell control devices including PLCs and network modules. No patch is currently available from the vendor.
What this means
What could happen
An attacker with network access to RSLinx Classic could execute arbitrary code on the engineering workstation, potentially allowing them to modify control logic, alter process setpoints, or disrupt communication with PLCs and other control devices.
Who's at risk
Manufacturing facilities, water treatment plants, and electric utilities that rely on Rockwell Automation PLC and control device programming and maintenance. Engineering teams using RSLinx Classic for system configuration and diagnostics are directly at risk, as are any connected control devices (PLCs, drives, safety controllers) that the compromised workstation can communicate with.
How it could be exploited
An attacker on the network sends a specially crafted request to the RSLinx Classic process. If the application processes this input without proper validation, the attacker gains code execution on the workstation running RSLinx Classic. From there, the attacker can abuse the legitimate connection that RSLinx maintains to control devices to issue unauthorized commands.
Prerequisites
- Network access to the engineering workstation running RSLinx Classic
- RSLinx Classic must be running and accessible on the network
remotely exploitable · no patch available · high CVSS score (7.5)
Exploitability
Some exploitation risk — EPSS score 3.4%
Affected products (1)
Product | Affected Versions | Fix Status
RSLinx Classic Third-Party | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to engineering workstations running RSLinx Classic to only authorized users and devices using firewall rules and network segmentation
- WORKAROUND: Monitor RSLinx Classic processes and network connections for unexpected outbound traffic or unauthorized commands to control devices
Mitigations - no patch available
RSLinx Classic Third-Party has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Isolate RSLinx Classic workstations on a separate VLAN with strict ingress/egress controls to limit exposure to untrusted networks
- HARDENING: Disable or restrict remote access to engineering workstations; require in-person access or VPN with multi-factor authentication if remote engineering is necessary
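One way to check the access restriction and the outbound-traffic monitoring described above against exported flow records. This is an added example, not part of the advisory or any vendor tooling; the addressing plan, the log format and the sample records (ports included) are constructed assumptions.

```python
import ipaddress

# Assumed addressing plan, constructed for this example (not from the advisory).
WORKSTATION = ipaddress.ip_address("10.20.0.10")          # host running RSLinx Classic
ENGINEERING = [ipaddress.ip_network("10.20.0.0/28")]      # authorized users and devices
CONTROL_DEVICES = [ipaddress.ip_network("10.30.0.0/24")]  # PLCs, drives, safety controllers

# Constructed flow records: "<timestamp> <src> <dst> <dst_port>"
SAMPLE_FLOWS = """\
2026-06-16T08:00:01Z 10.20.0.11 10.20.0.10 44818
2026-06-16T08:00:05Z 10.20.0.10 10.30.0.21 44818
2026-06-16T08:03:12Z 192.168.50.7 10.20.0.10 44818
2026-06-16T08:03:40Z 10.20.0.10 203.0.113.9 443
2026-06-16T08:04:00Z garbled-record
"""

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def classify(src, dst):
    """Return a finding label for one flow, or None when the flow is expected."""
    if dst == WORKSTATION and not _in_any(src, ENGINEERING):
        return "unauthorized-inbound"
    if src == WORKSTATION and not _in_any(dst, ENGINEERING + CONTROL_DEVICES):
        return "unexpected-outbound"
    return None

def review(log_text):
    """Return (timestamp, finding, src, dst, port) for every flow needing attention."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            ts, src, dst, port = fields
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            # Surface records the parser cannot read instead of silently dropping them.
            findings.append((fields[0], "unparseable", None, None, None))
            continue
        label = classify(src, dst)
        if label:
            findings.append((ts, label, str(src), str(dst), port))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_FLOWS):
        print(finding)
```

Flows between the workstation and the engineering or control-device ranges pass silently; anything else involving the workstation is reported for follow-up.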
CVEs (1)