CVE-2025-0477: Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability

9.3 CVSS

Description

An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application.

Classification

CVE ID: CVE-2025-0477

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor: Rockwell Automation

Product: FactoryTalk® AssetCentre

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (scored less or equal to compared to others)

EPSS Date: 2025-02-28 (when was this score calculated)

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html

Timeline

2025-01-30 18:15:29 UTC
All CISA Advisories

Rockwell Automation FactoryTalk AssetCentre
2025-01-31 00:30:20 UTC
CVE

Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability