CVE-2025-7970 HIGH

CVE-2025-7970: Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability

Vendor Rockwell Automation
Product FactoryTalk Activation Manager
Weakness CWE-306 · Missing auth
Published September 9, 2025
Last update September 9, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.

Key dates

02Disclosure timeline

September 9, 2025 CVE published
September 9, 2025 Record updated