{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-7330","assignerOrgId":"b73dd486-f505-4403-b634-40b078b177f0","state":"PUBLISHED","assignerShortName":"Rockwell","dateReserved":"2025-07-07T18:50:56.565Z","datePublished":"2025-10-14T12:43:40.198Z","dateUpdated":"2025-10-14T13:11:44.272Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Comms - 1783-NATR","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"Version 1.006 and prior"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admin to visit a crafted link.


"}],"value":"A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admin to visit a crafted link."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":7,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-352","description":"CWE-352: Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"b73dd486-f505-4403-b634-40b078b177f0","shortName":"Rockwell","dateUpdated":"2025-10-14T12:43:40.198Z"},"references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1756.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade to version 1.007 and later\n\n
"}],"value":"Upgrade to version 1.007 and later https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx"}],"source":{"advisory":"SD1756","discovery":"INTERNAL"},"title":"Rockwell Automation 1783-NATR Cross-Site Request Forgery Vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-14T13:11:31.462527Z","id":"CVE-2025-7330","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-14T13:11:44.272Z"}}]}}