PT-2025-3909 · Rockwell Automation · FactoryTalk AssetCentre
Alban Avdiji · Published 2025-01-14 · Updated 2025-11-04 · CVE-2025-0477
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rockwell Automation FactoryTalk AssetCentre versions prior to V15.00.001
Description
An encryption issue exists due to a weak encryption methodology, which could allow a threat actor to extract passwords belonging to other users of the application. This poses severe risks to industrial control systems.
Recommendations
For Rockwell Automation FactoryTalk AssetCentre versions prior to V15.00.001, consider updating to version V15.00.001 or later to resolve the issue. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Inadequate Encryption Strength
Related Identifiers
Affected Products
FactoryTalk AssetCentre