ID

VAR-202510-1054


CVE

CVE-2025-7328


TITLE

Rockwell Automation Comm-1783-NATR has an unspecified vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-24584

DESCRIPTION

Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifications. Devices would no longer be able to communicate through NATR as a result of denial-of-service or NAT rule modifications. NAT rule modification could also result in device communication to incorrect endpoints. Admin account takeover could allow modification of configuration and require physical access to restore. The Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation.

Trust: 1.44

sources: NVD: CVE-2025-7328 // CNVD: CNVD-2025-24584

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-24584

AFFECTED PRODUCTS

vendor: rockwellautomation, model: 1783-natr, scope: lt, version: 1.007

Trust: 1.0

vendor: rockwell, model: automation comms 1783-natr, scope: eq, version: -<=1.006

Trust: 0.6

sources: CNVD: CNVD-2025-24584 // NVD: CVE-2025-7328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-7328
value: CRITICAL

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2025-7328
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-24584
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-24584
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2025-7328
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-24584 // NVD: CVE-2025-7328 // NVD: CVE-2025-7328

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.0

sources: NVD: CVE-2025-7328

PATCH

title: Patch for Rockwell Automation Comm-1783-NATR has an unspecified vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/745546

Trust: 0.6

sources: CNVD: CNVD-2025-24584

EXTERNAL IDS

db: NVD, id: CVE-2025-7328

Trust: 1.6

db: CNVD, id: CNVD-2025-24584

Trust: 0.6

sources: CNVD: CNVD-2025-24584 // NVD: CVE-2025-7328

REFERENCES

url: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1756.html

Trust: 1.6

sources: CNVD: CNVD-2025-24584 // NVD: CVE-2025-7328

SOURCES

db: CNVD, id: CNVD-2025-24584
db: NVD, id: CVE-2025-7328

LAST UPDATE DATE

2025-11-19T23:24:56.474000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-24584, date: 2025-10-23T00:00:00
db: NVD, id: CVE-2025-7328, date: 2025-10-29T15:40:38.553

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-24584, date: 2025-10-23T00:00:00
db: NVD, id: CVE-2025-7328, date: 2025-10-14T13:15:38.987