cnvd - cnvd-2025-21174

CNVD-2025-21174

Vulnerability from cnvd - Published: 2025-09-12

Title

Rockwell Automation FactoryTalk Activation Manager数据泄露漏洞

Description

Rockwell Automation是全球领先的工业自动化和控制解决方案提供商，专注于帮助企业实现智能制造与数字化转型。 Rockwell Automation FactoryTalk Activation Manager存在数据泄露漏洞，攻击者可利用该漏洞导致数据泄露或会话劫持。

Severity

高

Patch Name

Rockwell Automation FactoryTalk Activation Manager数据泄露漏洞的补丁

Patch Description

Rockwell Automation是全球领先的工业自动化和控制解决方案提供商，专注于帮助企业实现智能制造与数字化转型。 Rockwell Automation FactoryTalk Activation Manager存在数据泄露漏洞，攻击者可利用该漏洞导致数据泄露或会话劫持。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1741.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-7970

Impacted products

Name
Rockwell Automation FactoryTalk Activation Manager

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-7970",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-7970"
    }
  },
  "description": "Rockwell Automation\u662f\u5168\u7403\u9886\u5148\u7684\u5de5\u4e1a\u81ea\u52a8\u5316\u548c\u63a7\u5236\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\u5546\uff0c\u4e13\u6ce8\u4e8e\u5e2e\u52a9\u4f01\u4e1a\u5b9e\u73b0\u667a\u80fd\u5236\u9020\u4e0e\u6570\u5b57\u5316\u8f6c\u578b\u3002\n\nRockwell Automation FactoryTalk Activation Manager\u5b58\u5728\u6570\u636e\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6570\u636e\u6cc4\u9732\u6216\u4f1a\u8bdd\u52ab\u6301\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1741.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-21174",
  "openTime": "2025-09-12",
  "patchDescription": "Rockwell Automation\u662f\u5168\u7403\u9886\u5148\u7684\u5de5\u4e1a\u81ea\u52a8\u5316\u548c\u63a7\u5236\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\u5546\uff0c\u4e13\u6ce8\u4e8e\u5e2e\u52a9\u4f01\u4e1a\u5b9e\u73b0\u667a\u80fd\u5236\u9020\u4e0e\u6570\u5b57\u5316\u8f6c\u578b\u3002\r\n\r\nRockwell Automation FactoryTalk Activation Manager\u5b58\u5728\u6570\u636e\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6570\u636e\u6cc4\u9732\u6216\u4f1a\u8bdd\u52ab\u6301\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rockwell Automation FactoryTalk Activation Manager\u6570\u636e\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Rockwell Automation FactoryTalk Activation Manager"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-7970",
  "serverity": "\u9ad8",
  "submitTime": "2025-09-11",
  "title": "Rockwell Automation FactoryTalk Activation Manager\u6570\u636e\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2025-7970 (GCVE-0-2025-7970)

Vulnerability from cvelistv5 – Published: 2025-09-09 12:46 – Updated: 2025-09-09 13:35

Summary

A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

Rockwell

References

URL

Tags

https://www.rockwellautomation.com/en-us/trust-ce…

Impacted products

	Vendor	Product	Version
	Rockwell Automation	FactoryTalk Activation Manager	Affected: 5.00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7970",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-09T13:35:12.189401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-09T13:35:17.769Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FactoryTalk Activation Manager",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "5.00"
            }
          ]
        }
      ],
      "datePublic": "2025-09-09T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA security issue exists within FactoryTalk Activation Manager.  An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.\u003c/span\u003e"
            }
          ],
          "value": "A security issue exists within FactoryTalk Activation Manager.  An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T12:46:36.372Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1741.html"
        }
      ],
      "source": {
        "advisory": "SD1741",
        "discovery": "INTERNAL"
      },
      "title": "Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2025-7970",
    "datePublished": "2025-09-09T12:46:36.372Z",
    "dateReserved": "2025-07-21T19:00:46.407Z",
    "dateUpdated": "2025-09-09T13:35:17.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-21174

CVE-2025-7970 (GCVE-0-2025-7970)

Tags

Sightings

Nomenclature