Critical Vulnerability Information Summary Urgent Notice: Rockwell Automation recommends upgrading 1756-RM2(XT) to 1756-RM3(XT). Important Information Severity: High Recommendation ID: SD1769 CVE ID: CVE-2025-14027 Release Date: January 20, 2026 Last Updated: January 20, 2026 Revision: 1.0 Known Exploited Vulnerabilities (KEV): No Fixed: No Workarounds: Yes Product Description Affected Product: ControlLogix® Redundancy Enhanced Module CVE Number: CVE-2025-14027 Affected Firmware Versions: All Versions Fixed Firmware Versions: Not Available Affected Catalog Numbers: 1756-RM2, 1756-RM2XT Security Issue Details Category: CVE ID Impact: - Multiple denial-of-service vulnerabilities exist in the affected products. These issues can be triggered by various forged inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploiting these vulnerabilities may render the device unresponsive and, in some cases, cause severe unrecoverable failures. Recovery may require a reboot. CVSS 3.1 Base Score: 7.5/10 CVSS 4.0 Base Score: 8.7/10 CWE: CWE-401: Use After Free (Memory not released after valid lifetime) Known Exploited Vulnerability: No (Not in KEV database) Mitigation and Workarounds Important Notice: Rockwell Automation recommends customers upgrade from 1756-RM2 to 1756-RM3. Customers using affected products who cannot upgrade to 1756-RM3 should follow our best security practices. Revision History Revision 1.0 - Date: January 20, 2026 - Description: Initial release