CVE-2025-0497

Name of the Vulnerable Software and Affected Versions Rockwell Automation FactoryTalk AssetCentre versions prior to V15.00.001

Description A data exposure issue exists due to the storage of credentials in the configuration file of packages such as EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp. This allows an attacker to potentially disclose protected information.

Recommendations For versions prior to V15.00.001, consider updating to V15.00.001 or later to resolve the issue. As a temporary workaround, restrict access to the configuration files of the affected packages to minimize the risk of exploitation. Avoid using the affected packages until the issue is resolved.