Loading

FactoryTalk® Action Manager v1.0.0 Runtime Vulnerability

Severity:
High
Advisory ID:
SD1740
Fecha de publicación:
August 13, 2025
Última actualización:
August 13, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
Sí
Workaround:
No
CVE IDs
CVE-2025-7532
Descargas
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
Resumen

Published Date: 8/14/2025 
Last Updated: 8/14/2025 
Revision Number: 1.0 
CVSS Score: 8.5/10

The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improve their business or production environments.

AFFECTED PRODUCTS AND SOLUTION

 

 

Affected Product

 

 

 

 

CVE

 

 

 

 

Affected Software Versions

 

 

 

 

Corrected in Software Version

 

 

 

 

FactoryTalk® Action Manager

 

 

 

 

CVE-2025-9036

 

 

 

 

1.0.0

 

 

 

 

1.01

 

 

 

VULNERABILITY DETAILS

Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.

CVE-2025-9036 IMPACT

A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection.

CVSS 3.1 Base Score: 7.8 
CVSS 3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CVSS 4.0 Base Score: 8.5 
CVSS 4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE:  Exposure of Sensitive Information to an Unauthorized Actor 
Known Exploited Vulnerability (KEV) database: No

Mitigations and Workarounds 
Users should update to the corrected version if possible. If users using the affected software are not able to upgrade the version, security best practices should be applied.

·         Security Best Practices

 

 

Glossary:

  • API: (Application Programming Interface) is a set of protocols and tools that allow different software applications to communicate with each other

  • WebSocket: protocol used for communication between a client and a server over a single connection

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Página principal de Rockwell Automation Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Actualice sus preferencias de cookies para continuar.
Esta función requiere cookies para mejorar su experiencia. Actualice sus preferencias para permitir estas cookies.:
  • Cookies de Redes Sociales
  • Cookies Funcionales
  • Cookies de Performance
  • Cookies de Marketing
  • Todas las cookies
Puede actualizar sus preferencias en cualquier momento. Para más información, vea nuestro {0} Política de Privacidad
CloseClose