OT Vulnerabilities Mount But Patching Still a Problem

PLCs Increasingly in Hacker Crosshairs, Warns Trellix Greg Sirico • November 18, 2025

Patching is still the mortal weaknesses of operational technology environments, warns cybersecurity firm Trellix in a report assessing incidents in critical infrastructure settings during the middle two quarters of this year.

See Also: AI vs. AI: Leveling the Defense Playing Field

Patching a programmable logic controller has never been as straightforward as updating a Windows laptop. But a mounting pile of cataloged OT vulnerabilities are creating opportunities for attackers, who increasingly have turned to the systems controlling critical infrastructure - whether to make a political statement or wreak havoc (see: Internet-Exposed OT Devices at Risk Amid Israel-Hamas War).

PLCs face increased hacker targeting, Trellix said, pointing to insecure remote connectivity devices that provide attackers pathways to access. One flaw detected earlier this year in Rockwell ControlLogix Ethernet modules, tracked as CVE-2025-7353, could give attackers remote code execution ...