Summary
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.
The following versions of Rockwell Automation ControlLogix are affected:
- ControlLogix Redundancy Enhanced Module Catalog 1756-RM2 Firmware vers:all/* (CVE-2025-14027)
- ControlLogix Redundancy Enhanced Module Catalog 1756-RM2XT Firmware vers:all/* (CVE-2025-14027)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 7.5 | Rockwell Automation | Rockwell Automation ControlLogix | Missing Release of Memory after Effective Lifetime |
Background
- Critical Infrastructure Sectors: Chemical, Energy, Critical Manufacturing, Food and Agriculture, Transportation Systems, Water and Wastewater
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States
Vulnerabilities
CVE-2025-14027
Multiple denial-of-service issues exist in 1756-RM2 and 1756-RM2XT firmware (ControlLogix Redundancy Enhanced Modules). These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive and, in some cases, result in a major nonrecoverable fault. Recovery may require a restart.
Affected Products
Rockwell Automation ControlLogix
Vendor:
Rockwell Automation
Product Version:
Rockwell Automation ControlLogix Redundancy Enhanced Module Catalog 1756-RM2 Firmware: vers:all/*, Rockwell Automation C
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories