Advisory

CISA warns of critical vulnerabilities in Rockwell Automation 1783-NATR

Take action: If you're using Rockwell Automation 1783-NATR routers, make sure they are isolated from the internet and accessible only from trusted networks. Then plan a quick update to firmware version 1.007 or later. Some of these flaws require admin privileges, so isolation and phishing awareness will go a long way until you patch.


Learn More

CISA is reporting multiple security flaws in Rockwell Automation's 1783-NATR network address translation router, at least one of them critical. The flaws could result in denial-of-service conditions, data modification, unauthorized access to sensitive information, and complete device compromise.

Vulnerabilities summary:

  • CVE-2025-7328 (CVSS score 9.9): A missing authentication for critical function vulnerability affecting multiple aspects of the device. It's caused by missing authentication checks on critical functions, which could result in denial-of-service, admin account takeover, or NAT rule modifications.
  • CVE-2025-7329 (CVSS score 8.5): A stored cross-site scripting vulnerability that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. It's caused by missing special character filtering and encoding in the web interface. Successful exploitation requires an attacker to be able to update configuration fields behind admin login, meaning the attacker must first gain administrative access or convince an administrator to input malicious content.
  • CVE-2025-7330 (CVSS score 7.0): A cross-site request forgery vulnerability that allows for unintended configuration modification if an attacker can convince a logged-in administrator to visit a crafted link. The vulnerability is caused by missing CSRF checks on forms in the web interface, enabling attackers to execute unauthorized actions in the context of an authenticated administrative session.

The affected product is the 1783-NATR with firmware versions up to and including 1.006.

Rockwell Automation has released firmware version 1.007 that patches all three flaws. Organizations should upgrade their 1783-NATR devices immediately to the patched firmware version. Users of the affected software who are unable to upgrade to the corrected versions should follow Rockwell Automation's security best practices to minimize risk until patching is possible.
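To find which units still need the update, the affected and fixed versions above can be checked against an asset inventory. The script below is an added example, not Rockwell Automation or CISA tooling; the CSV column names, the zone labels and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Values taken from the advisory: firmware up to and including 1.006 is
# affected, 1.007 carries the fixes.
PRODUCT = "1783-NATR"
FIXED = (1, 7)

# Constructed inventory export; column names and zone labels are assumptions.
SAMPLE_INVENTORY = """\
host,catalog,firmware,mgmt_zone
nat-line1,1783-NATR,1.006,ot-cell
nat-line2,1783-NATR,1.007,ot-cell
nat-pack3,1783-NATR,V1.005,dmz
nat-lab,1783-NATR,unknown,ot-cell
other-dev,OTHER-DEVICE,2.001,ot-cell
"""

VERSION_RE = re.compile(r"^\s*[vV]?(\d+)\.(\d+)")


def parse_firmware(text):
    """Return (major, minor) as ints, or None if the string is unparseable."""
    m = VERSION_RE.match(text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(inventory_csv, trusted_zones=("ot-cell",)):
    """Classify each 1783-NATR row as 'patched', 'vulnerable' or 'verify'."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not row["catalog"].strip().upper().startswith(PRODUCT):
            continue  # other product, outside this advisory
        version = parse_firmware(row["firmware"])
        if version is None:
            status = "verify"  # unknown firmware: check on the device
        elif version < FIXED:
            status = "vulnerable"
        else:
            status = "patched"
        # Unpatched units outside a trusted zone go first in the patch queue.
        exposed = status != "patched" and row["mgmt_zone"] not in trusted_zones
        findings.append({"host": row["host"], "status": status, "priority": exposed})
    return sorted(findings, key=lambda f: (not f["priority"], f["host"]))


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

Versions are compared as integer pairs rather than strings or floats, so a reported `V1.005` and `1.006` both sort below the fixed `1.007`, and rows with no readable version are flagged for manual verification instead of being assumed patched.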
