Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.

Basic Information

ID CVE-2025-7970

Source Rockwell

Published Sep 9, 2025 at 12:46

Modified Sep 9, 2025 at 13:35

Affected Product

Vendor Rockwell Automation

Product FactoryTalk Activation Manager

Version 5.00

Affected Versions Rockwell Automation FactoryTalk Activation Manager 5.00

CWE Classification

CWE-306

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1741.html

{
    "lastseen": "",
    "description": "A security issue exists within FactoryTalk Activation Manager.  An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.",
    "published": "2025-09-09T12:46:36.372Z",
    "modified": "2025-09-09T13:35:17.769Z",
    "type": "cve",
    "title": "Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1741.html",
    "id": "CVE-2025-7970",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation FactoryTalk Activation Manager 5.00",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FactoryTalk Activation Manager",
    "version": "5.00",
    "vendor": "Rockwell Automation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability_CVE-2025-7970