CVE-2025-7329
Published: 2025-10-14
Priority: P4 · 21 · medium · 4.8 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.24% (14.8th percentile)
A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation requires an attacker to be able to update configuration fields behind admin login.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | comms_1783-natr | — | — |
| rockwellautomation | 1783-natr_firmware | < 1.007 | 1.007 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 8.5 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
Rockwell Automation 1783-NATR
cisa_ics·2025-10-21·CVSS 9.8
[CRITICAL] Rockwell Automation 1783-NATR
ICS Advisory
## Rockwell Automation 1783-NATR
Release Date: October 21, 2025
Alert Code: ICSA-25-294-01
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: 1783-NATR
- Vulnerabilities: Missing Authentication for Critical Function, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Cross-Site Request Forgery (CSRF)
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in a denial-of-service, data modification, or in an attacker obtaining sensitive information.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The f
GHSA
ghsa_unreviewed·2025-10-14
CVE-2025-7329 [HIGH] CWE-79 GHSA-pchw-rjxj-w382: A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.