All CISA Advisories, EN

Rockwell Automation 1783-NATR

2025-09-09 18:09

1. EXECUTIVE SUMMARY

CVSS v4 6.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: 1783-NATR
Vulnerability: Use of Platform-Dependent Third Party Components

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to cause a memory corruption on the product.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Rockwell Automation 1783-NATR are affected:

1783-NATR: All versions prior to 1.007

3.2 VULNERABILITY OVERVIEW

3.2.1 USE OF PLATFORM-DEPENDENT THIRD PARTY COMPONENTS CWE-1103

In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block’s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

CVE-2020-28895 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

A CVSS v4 score has also been calculated for CVE-2020-28895. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION:

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Rockwell Automation 1783-NATR

Share this:
Facebook
X
LinkedIn

Related

Tags: All CISA Advisories EN

Post navigation

← Rockwell Automation CompactLogix® 5480

Apple Event live updates 2025: iPhone 17, AirPods 3, Apple Watch Series 11, and more news →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

ISC Stormcast For Tuesday, November 4th, 2025 https://isc.sans.edu/podcastdetail/9684, (Tue, Nov 4th) November 4, 2025

IT Security News Hourly Summary 2025-11-04 03h : 2 posts November 4, 2025

New TruffleNet BEC Campaign Leverages AWS SES Using Stolen Credentials to Compromise 800+ Hosts November 4, 2025

Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3) November 4, 2025

To maximize their influence, CISOs need diverse skills November 4, 2025

Department of Know: Azure security pitfalls, retailer cyberattack profits, Aardvark eats bugs November 4, 2025

New whitepaper available – AI for Security and Security for AI: Navigating Opportunities and Challenges November 4, 2025

Microsoft Fixes Long-Standing ‘Update and Shut Down’ Bug in Windows 11 November 4, 2025

How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia November 4, 2025

Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers November 4, 2025

Unauthenticated Remote Code Execution Vulnerability in WSUS Service November 4, 2025

MIT Sloan quietly shelves AI ransomware study after researcher calls BS November 4, 2025

IT Security News Hourly Summary 2025-11-04 00h : 7 posts November 4, 2025

IT Security News Daily Summary 2025-11-03 November 4, 2025

AWS, Nvidia, CrowdStrike seek security startups to enter the arena November 4, 2025

Ransomware negotiator, pay thyself! November 4, 2025

Scaling Your Security with NHIs: Key Insights November 4, 2025

Empowering Teams with Robust NHI Management November 4, 2025

Innovating Cyber Defense with Enhanced NHIDR November 4, 2025

How an ex-L3 Harris Trenchant boss stole and sold cyber exploits to Russia November 4, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}