ID

VAR-202510-1230


CVE

CVE-2025-7330


TITLE

Rockwell Automation Comms-1783-NATR Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-24583

DESCRIPTION

A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged-in admin to visit a crafted link. The Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation.

Trust: 1.44

sources: NVD: CVE-2025-7330 // CNVD: CNVD-2025-24583

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-24583

AFFECTED PRODUCTS

vendor: rockwellautomation, model: 1783-natr, scope: lt, version: 1.007

Trust: 1.0

vendor: rockwell, model: automation comms 1783-natr, scope: eq, version: -<=1.006

Trust: 0.6

sources: CNVD: CNVD-2025-24583 // NVD: CVE-2025-7330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-7330
value: MEDIUM

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2025-7330
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-24583
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-24583
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2025-7330
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-24583 // NVD: CVE-2025-7330 // NVD: CVE-2025-7330

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.0

sources: NVD: CVE-2025-7330

PATCH

title: Patch for Rockwell Automation Comms-1783-NATR Cross-Site Request Forgery Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/745541

Trust: 0.6

sources: CNVD: CNVD-2025-24583

EXTERNAL IDS

db: NVD, id: CVE-2025-7330

Trust: 1.6

db: CNVD, id: CNVD-2025-24583

Trust: 0.6

sources: CNVD: CNVD-2025-24583 // NVD: CVE-2025-7330

REFERENCES

url: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1756.html

Trust: 1.6

sources: CNVD: CNVD-2025-24583 // NVD: CVE-2025-7330

SOURCES

db: CNVD, id: CNVD-2025-24583
db: NVD, id: CVE-2025-7330

LAST UPDATE DATE

2025-11-19T23:30:51.233000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-24583, date: 2025-10-23T00:00:00
db: NVD, id: CVE-2025-7330, date: 2025-10-30T21:41:48.407

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-24583, date: 2025-10-23T00:00:00
db: NVD, id: CVE-2025-7330, date: 2025-10-14T13:15:39.323