Alban Avdiji

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation FactoryTalk AssetCentre versions prior to V15.00.001 **Description** A data exposure issue exists due to the storage of credentials in the configuration file of packages such as `EventLogAttachmentExtractor`, `ArchiveExtractor`, `LogCleanUp`, or `ArchiveLogCleanUp`. This allows an attacker to potentially disclose protected information. **Recommendations** For versions prior to V15.00.001, consider updating to V15.00.001 or later to resolve the issue. As a temporary workaround, restrict access to the configuration files of the affected packages to minimize the risk of exploitation. Avoid using the affected packages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation FactoryTalk AssetCentre versions prior to V15.00.001 **Description** An encryption issue exists due to a weak encryption methodology, which could allow a threat actor to extract passwords belonging to other users of the application. This poses severe risks to industrial control systems. **Recommendations** For Rockwell Automation FactoryTalk AssetCentre versions prior to V15.00.001, consider updating to version V15.00.001 or later to resolve the issue. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.