CVE-2025-7970
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-17
Assigner: Rockwell Automation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockwellautomation | factorytalk_activation_manager | From 5.00.00 (inc) to 5.01.01 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in FactoryTalk Activation Manager involves an incorrect implementation of cryptography that allows attackers to decrypt communication traffic. This flaw can lead to data exposure, session hijacking, or full compromise of communications between the software and activation services. [1]
How can this vulnerability impact me?
This vulnerability can impact you by exposing sensitive data, enabling attackers to hijack sessions, or fully compromising the communication between FactoryTalk Activation Manager and its activation services, potentially leading to unauthorized access or data breaches. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Rockwell Automation's FactoryTalk Activation Manager software to version 5.02, which contains the fix. If upgrading immediately is not possible, follow Rockwell Automation's security best practices and contact their technical support for guidance. [1]