Predictable Session Vulnerability in Rockwell Automation's 5032 16pt Digital Configurable Module
CVE-2025-7773

8.8 HIGH

What is CVE-2025-7773?

A security flaw within the web server of Rockwell Automation's 5032 16pt Digital Configurable Module allows for session numbers to be predicted. The incrementing session number is directly tied to the intervals of the last two sign-in sessions, creating a potential risk for unauthorized access. This vulnerability can be exploited if an attacker is able to deduce active session identifiers based on previous patterns, thereby compromising the security of user sessions.

Affected Version(s)

5032-CFGB16M12DR 1.011

5032-CFGB16M12M12LDR 1.011

5032-CFGB16M12P5DR 1.011

CVSS V4

Score: 8.8
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
