HIGH✓ PATCH🇬🇧 English

CVE-2025-7329

CVSS 8.5v4.0pub. 2025-10-14upd. 2025-10-30

A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation requires an attacker to be able to update configuration fields behind admin login.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Rockwellautomation 1783 Natr

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1783 Natr Firmware

    OS
    Rockwellautomation
    < 1.007
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2025-7328CRITICAL9.9PL ✓ten sam produkt

Brak uwierzytelnienia w krytycznych funkcjach Rockwell Automation 1783-NATR

CVE-2025-7330HIGH7.0ten sam produkt

A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems ...

CVE-2023-20198CRITICAL10.0⚠ KEVten sam vendor

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...

CVE-2021-22681CRITICAL9.8⚠ KEVten sam vendor

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 ...

CVE-2025-0477CRITICAL9.3PL ✓ten sam vendor

Słabe szyfrowanie haseł w Rockwell Automation FactoryTalk AssetCentre