CVE-2025-7328

EPSS 0.02%
Veröffentlicht 14.10.2025 12:35:22
Zuletzt bearbeitet 29.10.2025 15:40:38
Quelle PSIRT@rockwellautomation.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifications. Devices would no longer be able to communicate through NATR as a result of denial-of-service or NAT rule modifications. NAT rule modification could also result in device communication to incorrect endpoints. Admin account takeover could allow modification of configuration and require physical access to restore.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ 1783-natr Firmware Version < 1.007

Rockwellautomation ≫ 1783-natr Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.053

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PSIRT@rockwellautomation.com	9.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1756.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-7328

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-7328

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-7328

EUVD