Predictable Session Vulnerability in Rockwell Automation's 5032 16pt Digital Configurable Module
CVE-2025-7773
8.8 HIGH
Key Information:
- Vendor: Rockwell Automation
- CVE Published: 14 August 2025
What is CVE-2025-7773?
A security flaw in the web server of Rockwell Automation's 5032 16pt Digital Configurable Module allows session numbers to be predicted. The incrementing session number is directly tied to the intervals of the last two sign-in sessions, creating a risk of unauthorized access. An attacker who is able to deduce active session identifiers from previous patterns can exploit this vulnerability and compromise the security of user sessions.
Affected Version(s)
5032-CFGB16M12DR 1.011
5032-CFGB16M12M12LDR 1.011
5032-CFGB16M12P5DR 1.011