CVE-2025-0497

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:factorytalk_assetcentre:*:*:*:*:*:*:*:*

History

04 Nov 2025, 17:22

Type	Values Removed	Values Added
References	~~() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html -~~	() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
Summary		(es) Existe una vulnerabilidad de exposición de datos en todas las versiones anteriores a V15.00.001 de Rockwell Automation FactoryTalk® AssetCentre. La vulnerabilidad existe debido al almacenamiento de credenciales en el archivo de configuración de los paquetes EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp o ArchiveLogCleanUp.
CPE		cpe:2.3:a:rockwellautomation:factorytalk_assetcentre::::::::
First Time		Rockwellautomation Rockwellautomation factorytalk Assetcentre

30 Jan 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-30 18:15

Updated : 2025-11-04 17:22

NVD link : CVE-2025-0497

Mitre link : CVE-2025-0497

CVE.ORG link : CVE-2025-0497

JSON object : View

Products Affected

rockwellautomation

factorytalk_assetcentre

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2025-0497", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-01-30T18:15:32.493", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html", "tags": ["Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk\u00ae AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages."}, {"lang": "es", "value": "Existe una vulnerabilidad de exposici\u00f3n de datos en todas las versiones anteriores a V15.00.001 de Rockwell Automation FactoryTalk\u00ae AssetCentre. La vulnerabilidad existe debido al almacenamiento de credenciales en el archivo de configuraci\u00f3n de los paquetes EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp o ArchiveLogCleanUp."}], "lastModified": "2025-11-04T17:22:08.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_assetcentre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D14B0A41-7FA8-4779-9F64-0611B0EFCE62", "versionEndExcluding": "15.00.01"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}