Search
Find a vulnerability
Search criteria
2 vulnerabilities found for factorytalk_activation_manager by rockwellautomation
CVE-2025-7970 (GCVE-0-2025-7970)
Vulnerability from nvd – Published: 2025-09-09 12:46 – Updated: 2025-09-09 13:35
VLAI
Title
Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability
Summary
A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | FactoryTalk Activation Manager |
Affected:
5.00
|
Date Public
2025-09-09 12:46
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:35:12.189401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:35:17.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FactoryTalk Activation Manager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "5.00"
}
]
}
],
"datePublic": "2025-09-09T12:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.\u003c/span\u003e"
}
],
"value": "A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T12:46:36.372Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1741.html"
}
],
"source": {
"advisory": "SD1741",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-7970",
"datePublished": "2025-09-09T12:46:36.372Z",
"dateReserved": "2025-07-21T19:00:46.407Z",
"dateUpdated": "2025-09-09T13:35:17.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7970 (GCVE-0-2025-7970)
Vulnerability from cvelistv5 – Published: 2025-09-09 12:46 – Updated: 2025-09-09 13:35
VLAI
Title
Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability
Summary
A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | FactoryTalk Activation Manager |
Affected:
5.00
|
Date Public
2025-09-09 12:46
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:35:12.189401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:35:17.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FactoryTalk Activation Manager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "5.00"
}
]
}
],
"datePublic": "2025-09-09T12:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.\u003c/span\u003e"
}
],
"value": "A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T12:46:36.372Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1741.html"
}
],
"source": {
"advisory": "SD1741",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-7970",
"datePublished": "2025-09-09T12:46:36.372Z",
"dateReserved": "2025-07-21T19:00:46.407Z",
"dateUpdated": "2025-09-09T13:35:17.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}