AFFECTED PRODUCTS AND SOLUTION
Affected Product |
CVE |
Affected Versions |
Corrected Version |
FactoryTalk® AssetCentre |
CVE-2025-0477 |
All prior to V15.00.001 |
|
V11, V12, and V13 (patch available) |
|||
CVE-2025-0498 |
V15.00.01 and later |
Mitigations and Workarounds
Customers using the affected software are encouraged to apply the risk mitigations, if possible.
For CVE-2025-0477:
o Update FactoryTalk® AssetCentre to v15.00.01 or later.
o The encrypted data is stored in a table in the database. Control access to the database by non-essential users.
For CVE-2025-0497
o Update FactoryTalk® AssetCentre to v15.00.01 or later.
o Apply patches to correct legacy versions:
§ To apply the patch for LogCleanUp or ArchiveLogCleanUp download and install the Rockwell Automation January 2025 Monthly Patch rollup, or later
§ To apply patches for EventLogAttachmentExtractor or ArchiveExtractor, locate the article BF31148, download the patch files and follow the instructions.
o Restrict physical access to the machine to authorized users.
For CVE-2025-0498
o Update FactoryTalk® AssetCentre to v15.00.01 or later.
o Apply patches to correct legacy versions:
§ To apply the patch for download and install the Rockwell Automation January 2025 Monthly Patch rollup, or later
o Restrict physical access to the machine to authorized users.
For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability.
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
VULNERABILITY DETAILS
CVE-2025-0477 and CVE-2025-0497 reported to Rockwell Automation by Nestlé - Alban Avdiji. CVE-2025-0498 was found internally by Rockwell Automation during routine testing. Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.
CVE-2025-0477 IMPACT
An encryption vulnerability exists in all versions prior to V15.00.001 of FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application.
CVSS 3.1 Base Score: 9.8
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0 Base Score: 9.3
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE-326: Inadequate Encryption Strength
Known Exploited Vulnerability (KEV) database: No
CVE-2025-0497 IMPACT
A data exposure vulnerability exists in all versions prior to V15.00.001 of FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages.
CVSS 3.1 Base Score: 7.0
CVSS 3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0 Base Score: 7.3
CVSS 4.0 Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE-522: Insufficiently Protected Credentials
Known Exploited Vulnerability (KEV) database: No
CVE-2025-0498 IMPACT
A data exposure vulnerability exists in all versions prior to V15.00.001 of FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a token and, impersonate another user.
CVSS 3.1 Base Score: 7.8
CVSS 3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 4.0 Base Score: 7.0
CVSS 4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE-522: Insufficiently Protected Credentials
Known Exploited Vulnerability (KEV) database: No