CVE-2025-7329

MEDIUM

Rockwell Automation 1783-NATR Firmware < 1.007 - Authenticated Stored Cross-Site Scripting in Configuration Fields

Title source: llm

Description

A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation requires an attacker to be able to update configuration fields behind admin login.

References (1)

Core 1

Core References

Vendor Advisory

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1756.html

Scores

CVSS v3 4.8

EPSS 0.0001

EPSS Percentile 1.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (1)

rockwellautomation/1783-natr_firmware < 1.007

Published Oct 14, 2025

Tracked Since Feb 18, 2026