
Industrial automation giant Rockwell Automation has issued a security advisory addressing multiple critical vulnerabilities in its FactoryTalk AssetCentre software. These flaws, tracked as CVE-2025-0477, CVE-2025-0497, and CVE-2025-0498, pose severe risks to industrial control systems (ICS) by allowing attackers to extract credentials, expose sensitive data, and impersonate users.
The vulnerabilities impact all versions of FactoryTalk AssetCentre prior to v15.00.01. The flaws were discovered through both external research and internal security assessments.
- CVE-2025-0477 – Weak Encryption of Stored Credentials (CVSS 9.8 – Critical)
Rockwell Automation describes this flaw as an encryption vulnerability that “could allow a threat actor to extract passwords belonging to other users of the application.”
- CVE-2025-0497 – Credential Exposure in Configuration Files (CVSS 7.0 – High)
This vulnerability stems from storing credentials in the configuration files of various software packages, including EventLogAttachmentExtractor and ArchiveExtractor. Attackers with access to these files could retrieve and misuse stored credentials, posing a risk to operational integrity.
- CVE-2025-0498 – Insecure Storage of Security Tokens (CVSS 7.8 – High)
This flaw allows attackers to steal FactoryTalk Security user tokens, enabling them to impersonate legitimate users. “A threat actor could steal a token and impersonate another user,” the advisory warns.
Rockwell Automation has provided several mitigation strategies to reduce exposure to these vulnerabilities:
- Immediate Updates: Users should upgrade to FactoryTalk AssetCentre v15.00.01 or later to address all three vulnerabilities.
- Patch Application: For those using legacy versions (V11, V12, V13), patches are available via the Rockwell Automation January 2025 Monthly Patch rollup.
- Access Control: Restrict database and system access to authorized personnel only.
- Physical Security: Limit physical access to machines running affected versions of the software.
Related Posts:
- Critical Vulnerabilities Found in Rockwell Automation FactoryTalk ThinManager
- Rockwell Automation Products Face Critical Security Risks, Urgent Patching Required
- Rockwell Automation Claims Cisco IOS Vulnerability Affects Its Industrial Switch
- CVE-2025-24480 (CVSS 9.8): Rockwell Automation Addresses Critical Flaw in FactoryTalk View ME
- CVE-2024-21915 (CVSS 9.0): Rockwell Automation Patches Critical Flaw in FTSP