CVE-2025-0497

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
RockwellCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Common Weakness Enumeration
References
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html