Data Exposure Vulnerability in Rockwell Automation FactoryTalk® AssetCentre
CVE-2025-0498

7HIGH

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk® Assetcentre
Vendor: CVE Published:; 30 January 2025

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2025-0498?

A data exposure vulnerability exists in all versions of Rockwell Automation FactoryTalk® AssetCentre prior to V15.00.001. This issue stems from the insecure storage of FactoryTalk® Security user tokens. As a result, malicious actors could potentially exploit this vulnerability to steal user tokens, thereby impersonating other users and gaining unauthorized access to sensitive information.

Affected Version(s)

FactoryTalk® AssetCentre All prior to V15.00.001

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 15, 2025