CVE-2025-7970
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-17

Assigner: Rockwell Automation

Description
A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-17
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-14
NVD
CVE-2025-7970
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rockwellautomation factorytalk_activation_manager From 5.00.00 (inc) to 5.01.01 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in FactoryTalk Activation Manager involves an incorrect implementation of cryptography that allows attackers to decrypt communication traffic. This flaw can lead to data exposure, session hijacking, or full compromise of communications between the software and activation services. [1]

Impact Analysis

This vulnerability can impact you by exposing sensitive data, enabling attackers to hijack sessions, or fully compromising the communication between FactoryTalk Activation Manager and its activation services, potentially leading to unauthorized access or data breaches. [1]

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Rockwell Automation's FactoryTalk Activation Manager software to version 5.02, which contains the fix. If upgrading immediately is not possible, follow Rockwell Automation’s security best practices and contact their technical support for guidance. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7970. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart