Auth bypass in Rockwell Automation 5032-cfgb16m12dr
CVE-2025-7773
A security issue exists within the 5032 16pt Digital Configurable module's web server. The web server's session number increments at an interval that correlates to the interval between the last two consecutive sign-in sessions, making it predictable.
Vulnerability class: Broken Access Control
EPSS: 0.004 (30.0th percentile)
Affected products
- Rockwell Automation 5032-cfgb16m12dr — versions 1.011
- Rockwell Automation 5032-cfgb16m12m12ldr — versions 1.011
- Rockwell Automation 5032-cfgb16m12p5dr — versions 1.011
Frequently asked questions
- What is CVE-2025-7773?
- CVE-2025-7773 is a vulnerability in Rockwell Automation 5032-cfgb16m12dr, classified under Incorrect Authorization. Published 2025-08-14.
- Is CVE-2025-7773 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.