Rockwell Automation Comms – 1783-NATR Stored Cross-Site Scripting Vulnerability

8.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation requires an attacker to be able to update configuration fields behind admin login.

AI Analysis

AI processing failed - returned non-JSON response

Basic Information

ID CVE-2025-7329

Source Rockwell

Published Oct 14, 2025 at 12:37

Modified Oct 14, 2025 at 13:18

Affected Product

Vendor Rockwell Automation

Product Comms - 1783-NATR

Version Version 1.006 and prior

Affected Versions Rockwell Automation Comms - 1783-NATR Version 1.006 and prior

CWE Classification

CWE-79

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1756.html

{
    "lastseen": "",
    "description": "A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation requires an attacker to be able to update configuration fields behind admin login.",
    "published": "2025-10-14T12:37:44.866Z",
    "modified": "2025-10-14T13:18:03.602Z",
    "type": "cve",
    "title": "Rockwell Automation Comms - 1783-NATR Stored Cross-Site Scripting Vulnerability",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1756.html",
    "id": "CVE-2025-7329",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation Comms - 1783-NATR Version 1.006 and prior",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Comms - 1783-NATR",
    "version": "Version 1.006 and prior",
    "vendor": "Rockwell Automation",
    "ai_description": "AI processing failed - returned non-JSON response",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Rockwell Automation Comms – 1783-NATR Stored Cross-Site Scripting Vulnerability_CVE-2025-7329