CVE-2025-0497

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
RockwellCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
rockwellautomationfactorytalk_assetcentre
𝑥
< 15.00.01
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html