Loading

ArmorBlock 5000 I/O – Web Server Vulnerabilities

Severity:
High
Advisory ID:
SD1733
Published Date:
August 14, 2025
Last Updated:
August 14, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
Yes
Workaround:
No
CVE IDs
CVE-2025- 7773,
CVE-2025- 7774
Downloads
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
JSON
Summary

Published Date: 8/14/2025 
Last Updated: 8/14/2025 
Revision Number: 1.0 
CVSS Score: 8.6/10 

The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improve their business or production environments. 

AFFECTED PRODUCTS AND SOLUTION

Affected Product 

CVE 

First Known in Software Version 

Corrected in Software Version 

5032-CFGB16M12P5DR

5032-CFGB16M12DR

5032-CFGB16M12M12LDR

CVE-2025-7773 

1.011    

1.012 

5032-CFGB16M12P5DR

5032-CFGB16M12DR

5032-CFGB16M12M12LDR

CVE-2025-7774 

1.011 

 

1.012 

 

 

VULNERABILITY DETAILS

Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities. 

CVE-2025- 7773

A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable.  

CVSS 3.1 Base Score: 8.6 
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CVSS 4.0 Base Score: 8.8 
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

CWE:  CWE-863: Incorrect Authorization 
Known Exploited Vulnerability (KEV) database: No 

 

 

CVE-2025- 7774

A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions. 

CVSS 3.1 Base Score: 8.6 
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CVSS 4.0 Base Score: 8.8 
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

 

CWE:  CWE-306: Missing Authentication for Critical Function
Known Exploited Vulnerability (KEV) database: No 

 

Mitigations and Workarounds 
Users should update to the corrected version if possible. If users using the affected software are not able to upgrade the version, security best practices should be applied.  

  • Security Best Practices

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation Home Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Please update your cookie preferences to continue.
This feature requires cookies to enhance your experience. Please update your preferences to allow for these cookies:
  • Social Media Cookies
  • Functional Cookies
  • Performance Cookies
  • Marketing Cookies
  • All Cookies
You can update your preferences at any time. For more information please see our {0} Privacy Policy
CloseClose