PT-2025-3925 · Rockwell Automation · FactoryTalk AssetCentre

Published: 2025-01-15 · Updated: 2025-01-31 · CVE-2025-0498

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Rockwell Automation FactoryTalk AssetCentre versions prior to V15.00.001

Description

A data exposure issue exists due to insecure storage of FactoryTalk Security user tokens, which could allow a threat actor to steal a token and impersonate another user. This could potentially lead to the disclosure of protected information.

Recommendations

For versions prior to V15.00.001, update to V15.00.001 or later to resolve the issue. As a temporary workaround, consider restricting access to FactoryTalk Security user tokens to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2025-01157
CVE-2025-0498

Affected Products

FactoryTalk AssetCentre