Published Date: 8/14/2025
Last Updated: 8/14/2025
Revision Number: 1.0
CVSS Score: 8.6/10
The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improve their business or production environments.
AFFECTED PRODUCTS AND SOLUTION
Affected Product |
CVE |
First Known in Software Version |
Corrected in Software Version |
CVE-2025-7773 |
1.011 |
1.012 |
|
CVE-2025-7774 |
1.011
|
1.012
|
VULNERABILITY DETAILS
Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.
CVE-2025- 7773
A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable.
CVSS 3.1 Base Score: 8.6
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CVSS 4.0 Base Score: 8.8
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
CWE: CWE-863: Incorrect Authorization
Known Exploited Vulnerability (KEV) database: No
CVE-2025- 7774
A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions.
CVSS 3.1 Base Score: 8.6
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CVSS 4.0 Base Score: 8.8
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
CWE: CWE-306: Missing Authentication for Critical Function
Known Exploited Vulnerability (KEV) database: No
Mitigations and Workarounds
Users should update to the corrected version if possible. If users using the affected software are not able to upgrade the version, security best practices should be applied.
