Rockwell Automation Stratix® IOS Cross-Site Request Forgery to Code Execution...

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication.

Basic Information

ID CVE-2025-7350

Source Rockwell

Published Sep 9, 2025 at 12:53

Modified Sep 9, 2025 at 13:21

Affected Product

Vendor Rockwell Automation

Product Stratix IOS

Version 15.2(8)E5 and below

Affected Versions Rockwell Automation Stratix IOS 15.2(8)E5 and below

CWE Classification

CWE-74

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1745.html

{
    "lastseen": "",
    "description": "A security issue affecting multiple Cisco devices also directly impacts Stratix\u00ae 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication.",
    "published": "2025-09-09T12:53:17.801Z",
    "modified": "2025-09-09T13:21:03.185Z",
    "type": "cve",
    "title": "Rockwell Automation Stratix\u00ae IOS Cross-Site Request Forgery to Code Execution Vulnerability",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1745.html",
    "id": "CVE-2025-7350",
    "bulletinFamily": "",
    "cwe": [
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation Stratix IOS 15.2(8)E5 and below",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Stratix IOS",
    "version": "15.2(8)E5 and below",
    "vendor": "Rockwell Automation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Rockwell Automation Stratix® IOS Cross-Site Request Forgery to Code Execution Vulnerability_CVE-2025-7350