Attention, High Voltage: Exploring the Attack Surface of the Rockwell Automation PowerMonitor 1000

This report analyzes the firmware and web interface of the Rockwell/Allen-Bradley PowerMonitor 1000, uncovering three high‑severity remotely exploitable vulnerabilities—an authentication bypass and two buffer overflows—that could allow attackers to crash devices, bypass authentication, or achieve remote code execution; CISA rated the issues CVSS 9.8 and Rockwell released firmware updates (revision 4.020) to remediate the flaws.