RCE in Rockwell Automation 1756-en2f/c

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps…

EPSS: 0.009 (54.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-7353?
CVE-2025-7353 is a vulnerability in Rockwell Automation 1756-en2f/c, classified under Initialization of a Resource with an Insecure Default. Published 2025-08-14.
Is CVE-2025-7353 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.