CVE-2025-7328

CRITICAL

Rockwell Automation 1783-NATR Firmware < 1.007 - Unauthenticated Denial of Service and Admin Account Takeover

Title source: llm

Description

Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifications. Devices would no longer be able to communicate through NATR as a result of denial-of-service or NAT rule modifications. NAT rule modification could also result in device communication to incorrect endpoints. Admin account takeover could allow modification of configuration and require physical access to restore.

References (1)

Core 1

Core References

Vendor Advisory

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1756.html

Scores

CVSS v3 9.8

EPSS 0.0005

EPSS Percentile 15.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-306

Status published

Products (1)

rockwellautomation/1783-natr_firmware < 1.007

Published Oct 14, 2025

Tracked Since Feb 18, 2026