CVE-2025-7328
published 2025-10-14CVE-2025-7328: Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical…
PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.53%
40.5th percentile
Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifications. Devices would no longer be able to communicate through NATR as a result of denial-of-service or NAT rule modifications. NAT rule modification could also result in device communication to incorrect endpoints. Admin account takeover could allow modification of configuration and require physical access to restore.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | comms_1783-natr | — | — |
| rockwellautomation | 1783-natr_firmware | < 1.007 | 1.007 |
Detection & IOCsextracted from sources · hover to see the quote
- →Target device: Rockwell Automation 1783-NATR running firmware version 1.006 or prior is vulnerable to unauthenticated access to critical functions (missing authentication checks), enabling denial-of-service, admin account takeover, or NAT rule modification. ↗
- →CVE-2025-7328 is remotely exploitable with no authentication, no user interaction, and low attack complexity (CVSS v3 10.0, AV:N/AC:L/PR:N/UI:N). Monitor for unauthenticated HTTP requests to administrative/configuration endpoints on 1783-NATR devices. ↗
- →Alert on unexpected NAT rule changes or admin credential modifications on 1783-NATR devices, which may indicate exploitation of the missing authentication vulnerability. ↗
- →Affected version scope: 1783-NATR firmware version 1.006 and prior. Devices running version 1.007 or later are patched. ↗
- ·No known public exploitation has been reported at time of advisory publication. Threat intelligence on active exploitation is currently absent. ↗
- ·Exploitation of the denial-of-service or NAT rule modification vectors causes devices to stop communicating through the NATR, which may be observable as a network-level outage rather than a traditional security alert. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.9CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Rockwell Automation 1783-NATR
cisa_ics·2025-10-21·CVSS 9.8
[CRITICAL] Rockwell Automation 1783-NATR
ICS Advisory
##
Rockwell Automation 1783-NATR
Release DateOctober 21, 2025
Alert CodeICSA-25-294-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: 1783-NATR
- Vulnerabilities: Missing Authentication for Critical Function, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Cross-Site Request Forgery (CSRF)
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in a denial-of-service, data modification, or in an attacker obtaining sensitive information.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The f
GHSA
GHSA-92wv-q3g7-82cp: Multiple Broken Authentication security issues exist in the affected product
ghsa_unreviewed·2025-10-14
CVE-2025-7328 [CRITICAL] CWE-306 GHSA-92wv-q3g7-82cp: Multiple Broken Authentication security issues exist in the affected product
Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifications. Devices would no longer be able to communicate through NATR as a result of denial-of-service or NAT rule modifications. NAT rule modification could also result in device communication to incorrect endpoints. Admin account takeover could allow modification of configuration and require physical access to restore.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-14
Published