Credential Exposure Vulnerability in Rockwell Automation Products
CVE-2025-0631

8.7HIGH

Key Information:

Vendor: Rockwell Automation
Status: Powerflex 755
Vendor: CVE Published:; 28 January 2025

Summary

A credential exposure vulnerability in Rockwell Automation products occurs when sensitive information is transmitted using HTTP. This practice leads to credentials being sent in clear text, making them susceptible to interception by malicious actors. Organizations using affected Rockwell Automation products must ensure secure communication protocols are in place to safeguard against potential exploits.

Affected Version(s)

PowerFlex 755 <=16.002.279

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 21, 2025