HIGH✓ PATCH🇬🇧 English

CVE-2025-7330

CVSS 7.0v4.0pub. 2025-10-14upd. 2025-10-30

A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admin to visit a crafted link.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Rockwellautomation 1783 Natr

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1783 Natr Firmware

    OS
    Rockwellautomation
    < 1.007
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2025-7328CRITICAL9.9PL ✓ten sam produkt

Brak uwierzytelnienia w krytycznych funkcjach Rockwell Automation 1783-NATR

CVE-2025-7329HIGH8.5ten sam produkt

A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a mal...

CVE-2023-20198CRITICAL10.0⚠ KEVten sam vendor

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...

CVE-2021-22681CRITICAL9.8⚠ KEVten sam vendor

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 ...

CVE-2025-0477CRITICAL9.3PL ✓ten sam vendor

Słabe szyfrowanie haseł w Rockwell Automation FactoryTalk AssetCentre