ID

VAR-202509-0677


CVE

CVE-2025-7970


TITLE

Rockwell Automation FactoryTalk Activation Manager vulnerability regarding lack of authentication for critical features

Trust: 0.8

sources: JVNDB: JVNDB-2025-014626

DESCRIPTION

A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise. Rockwell Automation's FactoryTalk Activation Manager contains a vulnerability involving lack of authentication for critical features. Information may be obtained. Rockwell Automation is a leading global provider of industrial automation and control solutions, focused on helping companies achieve smart manufacturing and digital transformation.

Trust: 2.16

sources: NVD: CVE-2025-7970 // JVNDB: JVNDB-2025-014626 // CNVD: CNVD-2025-21174

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-21174

AFFECTED PRODUCTS

vendor: rockwellautomation, model: factorytalk activation manager, scope: gte, version: 5.00.00

Trust: 1.0

vendor: rockwellautomation, model: factorytalk activation manager, scope: lte, version: 5.01.01

Trust: 1.0

vendor: rockwell automation, model: factorytalk activation manager, scope: eq, version: 5.00.00 to 5.01.01

Trust: 0.8

vendor: rockwell automation, model: factorytalk activation manager, scope: eq, version: -

Trust: 0.8

vendor: rockwell automation, model: factorytalk activation manager, scope: -, version: -

Trust: 0.8

vendor: rockwell, model: automation factorytalk activation manager, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-21174 // JVNDB: JVNDB-2025-014626 // NVD: CVE-2025-7970

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-7970
value: HIGH

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2025-7970
value: HIGH

Trust: 1.0

NVD: CVE-2025-7970
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-21174
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-21174
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2025-7970
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2025-7970
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-21174 // JVNDB: JVNDB-2025-014626 // NVD: CVE-2025-7970 // NVD: CVE-2025-7970

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:Lack of authentication for critical features (CWE-306) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-014626 // NVD: CVE-2025-7970

PATCH

title: Patch for Rockwell Automation FactoryTalk Activation Manager Data Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/731321

Trust: 0.6

sources: CNVD: CNVD-2025-21174

EXTERNAL IDS

db: NVD, id: CVE-2025-7970

Trust: 3.2

db: ICS CERT, id: ICSA-25-252-05

Trust: 0.8

db: JVN, id: JVNVU91167869

Trust: 0.8

db: JVNDB, id: JVNDB-2025-014626

Trust: 0.8

db: CNVD, id: CNVD-2025-21174

Trust: 0.6

sources: CNVD: CNVD-2025-21174 // JVNDB: JVNDB-2025-014626 // NVD: CVE-2025-7970

REFERENCES

url:https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1741.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-7970

Trust: 1.4

url:https://jvn.jp/vu/jvnvu91167869/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-05

Trust: 0.8

sources: CNVD: CNVD-2025-21174 // JVNDB: JVNDB-2025-014626 // NVD: CVE-2025-7970

SOURCES

db: CNVD, id: CNVD-2025-21174
db: JVNDB, id: JVNDB-2025-014626
db: NVD, id: CVE-2025-7970

LAST UPDATE DATE

2025-10-17T20:43:49.616000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-21174, date: 2025-09-12T00:00:00
db: JVNDB, id: JVNDB-2025-014626, date: 2025-09-29T05:56:00
db: NVD, id: CVE-2025-7970, date: 2025-09-17T15:59:35.430

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-21174, date: 2025-09-12T00:00:00
db: JVNDB, id: JVNDB-2025-014626, date: 2025-09-29T00:00:00
db: NVD, id: CVE-2025-7970, date: 2025-09-09T13:15:31.963