Machine-generated analysis · WAYSCloud LLM
The advisory states that exploitation can cause a denial of service where the application becomes unresponsive and does not recover automatically.
Context
RSLinx Classic is Rockwell Automation software used for industrial communication. The advisory identifies an out-of-bounds read vulnerability (CVE-2020-13573) that could lead to a denial of service. It lists RSLinx Classic <=4.50.00 as the affected versions. The vulnerability has a CVSSv3 score of 7.5 and a higher CVSSv4 score of 8.7, both rated HIGH.
Operator considerations
- Patch: Upgrade to RSLinx Classic version 4.60.00 or later, or apply patch BF31213 if upgrade is not immediately possible.
- Check: Verify if RSLinx Classic <=4.50.00 is deployed in the environment.
- Log: Monitor for unexpected application crashes or network traffic patterns that could indicate exploitation attempts.
Successful exploitation of this vulnerability can lead to a denial of service, where the application will become unresponsive and will not recover on its own.
The following versions of RSLinx Classic are affected:
RSLinx Classic <=4.50.00