Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for FactoryTalk Activation Manager by Rockwell Automation

    VAR-202509-0677

    Vulnerability from variot - Updated: 2025-10-17 20:43

    A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise. Rockwell Automation of FactoryTalk Activation Manager There is a vulnerability in the lack of authentication for critical features.Information may be obtained. Rockwell Automation is a leading global provider of industrial automation and control solutions, focused on helping companies achieve smart manufacturing and digital transformation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202509-0677",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "factorytalk activation manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "rockwellautomation",
            "version": "5.00.00"
          },
          {
            "model": "factorytalk activation manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "rockwellautomation",
            "version": "5.01.01"
          },
          {
            "model": "factorytalk activation manager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "rockwell automation",
            "version": "5.00.00  to  5.01.01"
          },
          {
            "model": "factorytalk activation manager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "rockwell automation",
            "version": null
          },
          {
            "model": "factorytalk activation manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "rockwell automation",
            "version": null
          },
          {
            "model": "automation factorytalk activation manager",
            "scope": null,
            "trust": 0.6,
            "vendor": "rockwell",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-7970"
          }
        ]
      },
      "cve": "CVE-2025-7970",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-21174",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-7970",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2025-7970",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-7970",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "PSIRT@rockwellautomation.com",
                "id": "CVE-2025-7970",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "NVD",
                "id": "CVE-2025-7970",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-21174",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-7970"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-7970"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A security issue exists within FactoryTalk Activation Manager.  An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise. Rockwell Automation of FactoryTalk Activation Manager There is a vulnerability in the lack of authentication for critical features.Information may be obtained. Rockwell Automation is a leading global provider of industrial automation and control solutions, focused on helping companies achieve smart manufacturing and digital transformation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-7970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014626"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21174"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-7970",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-252-05",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU91167869",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014626",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-21174",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-7970"
          }
        ]
      },
      "id": "VAR-202509-0677",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21174"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21174"
          }
        ]
      },
      "last_update_date": "2025-10-17T20:43:49.616000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Rockwell Automation FactoryTalk Activation Manager Data Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/731321"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21174"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of authentication for critical features (CWE-306) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-7970"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1741.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-7970"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91167869/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-05"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-7970"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-21174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-7970"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21174"
          },
          {
            "date": "2025-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-014626"
          },
          {
            "date": "2025-09-09T13:15:31.963000",
            "db": "NVD",
            "id": "CVE-2025-7970"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-21174"
          },
          {
            "date": "2025-09-29T05:56:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-014626"
          },
          {
            "date": "2025-09-17T15:59:35.430000",
            "db": "NVD",
            "id": "CVE-2025-7970"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rockwell\u00a0Automation\u00a0 of \u00a0FactoryTalk\u00a0Activation\u00a0Manager\u00a0 Vulnerability regarding lack of authentication for critical features in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014626"
          }
        ],
        "trust": 0.8
      }
    }

    CVE-2025-7970 (GCVE-0-2025-7970)

    Vulnerability from nvd – Published: 2025-09-09 12:46 – Updated: 2025-09-09 13:35
    VLAI
    Title
    Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability
    Summary
    A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Date Public
    2025-09-09 12:46
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7970",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T13:35:12.189401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T13:35:17.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk Activation Manager",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00"
                }
              ]
            }
          ],
          "datePublic": "2025-09-09T12:46:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA security issue exists within FactoryTalk Activation Manager.  An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.\u003c/span\u003e"
                }
              ],
              "value": "A security issue exists within FactoryTalk Activation Manager.  An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T12:46:36.372Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1741.html"
            }
          ],
          "source": {
            "advisory": "SD1741",
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2025-7970",
        "datePublished": "2025-09-09T12:46:36.372Z",
        "dateReserved": "2025-07-21T19:00:46.407Z",
        "dateUpdated": "2025-09-09T13:35:17.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7970 (GCVE-0-2025-7970)

    Vulnerability from cvelistv5 – Published: 2025-09-09 12:46 – Updated: 2025-09-09 13:35
    VLAI
    Title
    Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability
    Summary
    A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Date Public
    2025-09-09 12:46
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7970",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T13:35:12.189401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T13:35:17.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk Activation Manager",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.00"
                }
              ]
            }
          ],
          "datePublic": "2025-09-09T12:46:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA security issue exists within FactoryTalk Activation Manager.  An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.\u003c/span\u003e"
                }
              ],
              "value": "A security issue exists within FactoryTalk Activation Manager.  An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T12:46:36.372Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1741.html"
            }
          ],
          "source": {
            "advisory": "SD1741",
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2025-7970",
        "datePublished": "2025-09-09T12:46:36.372Z",
        "dateReserved": "2025-07-21T19:00:46.407Z",
        "dateUpdated": "2025-09-09T13:35:17.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }