CVE-2025-8008
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-17

Assigner: Rockwell Automation

Description
A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-17
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-8008
EUVD
EUVD-2025-29760
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
rockwellautomation 1756-en2tr_series_a_firmware to 7.001 (exc)
rockwellautomation 1756-en2tr_series_a *
rockwellautomation 1756-en2tr_series_b_firmware to 7.001 (exc)
rockwellautomation 1756-en2tr_series_b *
rockwellautomation 1756-en2tr_series_c_firmware to 7.001 (exc)
rockwellautomation 1756-en2tr_series_c *
rockwellautomation 1756-en4tr_firmware to 7.001 (exc)
rockwellautomation 1756-en4tr *
rockwellautomation 1756-en4trxt_firmware to 7.001 (exc)
rockwellautomation 1756-en4trxt *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-755 The product does not handle or incorrectly handles an exceptional condition.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the protected mode of EN4TR devices, where sending specially crafted messages during a Forward Close operation can cause the device to crash. It is caused by improper handling of exceptional conditions, leading to a major fault that results in loss of device availability. [1]

Impact Analysis

The vulnerability can cause the affected EN4TR devices to crash unexpectedly during a Forward Close operation, resulting in a major non-recoverable fault. This leads to loss of device availability, which can disrupt industrial control systems and potentially halt critical operations. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the affected devices (1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT) to software version 7.001 or later. If upgrading immediately is not possible, users should follow Rockwell Automation's security best practices to reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8008. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart