ID

VAR-202510-0712


CVE

CVE-2025-7329


TITLE

Rockwell Automation Comms-1783-NATR Cross-Site Scripting Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-24585

DESCRIPTION

A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation requires an attacker to be able to update configuration fields behind admin login. The Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. The Rockwell Automation Comms-1783-NATR suffers from a cross-site scripting vulnerability caused by improper validation of user-supplied input.

Trust: 1.44

sources: NVD: CVE-2025-7329 // CNVD: CNVD-2025-24585

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-24585

AFFECTED PRODUCTS

vendor: rockwellautomation
model: 1783-natr
scope: lt
version: 1.007

Trust: 1.0

vendor: rockwell
model: automation comms 1783-natr
scope: eq
version: -<=1.006

Trust: 0.6

sources: CNVD: CNVD-2025-24585 // NVD: CVE-2025-7329

CVSS

SEVERITY

nvd@nist.gov: CVE-2025-7329
value: MEDIUM

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2025-7329
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-24585
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-24585
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2025-7329
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-24585 // NVD: CVE-2025-7329 // NVD: CVE-2025-7329

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2025-7329

PATCH

title: Patch for Rockwell Automation Comms-1783-NATR Cross-Site Scripting Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/745551

Trust: 0.6

sources: CNVD: CNVD-2025-24585

EXTERNAL IDS

db: NVD, id: CVE-2025-7329

Trust: 1.6

db: CNVD, id: CNVD-2025-24585

Trust: 0.6

sources: CNVD: CNVD-2025-24585 // NVD: CVE-2025-7329

REFERENCES

url: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1756.html

Trust: 1.6

sources: CNVD: CNVD-2025-24585 // NVD: CVE-2025-7329

SOURCES

db: CNVD, id: CNVD-2025-24585
db: NVD, id: CVE-2025-7329

LAST UPDATE DATE

2025-11-19T23:22:56.769000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-24585, date: 2025-10-23T00:00:00
db: NVD, id: CVE-2025-7329, date: 2025-10-30T21:43:57.893

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-24585, date: 2025-10-23T00:00:00
db: NVD, id: CVE-2025-7329, date: 2025-10-14T13:15:39.157