All CISA Advisories, EN

Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT

2025-08-14 18:08

1. EXECUTIVE SUMMARY

CVSS v4 7.1
ATTENTION: Low attack complexity
Vendor: Rockwell Automation
Equipment: 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT
Vulnerabilities: Improper Input Validation, Improper Handling of Exceptional Conditions

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could result in an attacker causing a denial of service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Rockwell Automation products are affected:

1756-ENT2R: Versions prior to 7.001
1756-EN4TR: Versions prior to 7.001
1756-EN4TRXT: Versions prior to 7.001

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER INPUT VALIDATION CWE-20

A security issue exists in the protected mode of 1756-EN4TR and 1756-ENT2R communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability.

CVE-2025-8007 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-8007. A base score of 7.1 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.2.2 I

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT

Tags: All CISA Advisories EN

Post navigation

← Siemens Third-Party Components in SINEC OS

Rockwell Automation FactoryTalk Viewpoint →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

My favorite power station now has a massive discount on Amazon August 15, 2025

Own a PS5? Changing these 3 settings gave my console an instant performance boost August 15, 2025

These smart glasses can read menus and ‘see for you’, thanks to AI August 15, 2025

ESR issues recall for power bank due to fire risk – here’s what you need to know and do ASAP August 15, 2025

How the Premier League uses AI to boost fan experiences and score new business goals August 15, 2025

BSidesSF 2025: Don’t Trust, Verify! – How I Found A CSRF Bug Hiding In Plain Sight August 15, 2025

62% of People Believe AI Agents Are Easier To Deceive Than Humans August 14, 2025

Threat Actors Weaponizing YouTube Video Download Site to Download Proxyware Malware August 14, 2025

New Malvertising Attack Spreads Crypto Stealing PS1Bot Malware August 14, 2025

Ransomware Actors Combine Legitimate Tools with Custom Malware to Evade Detection August 14, 2025

Spring 2025 PCI 3DS compliance package available now August 14, 2025

IT Security News Hourly Summary 2025-08-14 21h : 6 posts August 14, 2025

New Trends in Phishing Attacks Emerges as AI Reshaping the Tool Used by Cybercriminals August 14, 2025

Threat Actors Leverage CrossC2 to Extend Cobalt Strike to Linux and macOS August 14, 2025

Google Announces That Android’s pKVM Framework Achieves SESIP Level 5 Certification August 14, 2025

Psst: wanna buy a legit FBI email account for $40? August 14, 2025

Norway spy chief blames Russian hackers for hijacking dam August 14, 2025

Norway confirms dam intrusion by Pro-Russian hackers August 14, 2025

PS1Bot: Multi-Stage Malware Framework Targeting Windows Systems August 14, 2025

The Next Frontier in Cybersecurity: Securing AI Agents Is Now Critical and Most Companies Aren’t Ready August 14, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}