Rockwell Automation FactoryTalk AssetCentre

Plan PatchCVSS 9.8ICS-CERT ICSA-25-030-05Jan 30, 2025

Rockwell Automation

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

FactoryTalk AssetCentre versions prior to 15.00.01 contain multiple vulnerabilities related to weak cryptography (CWE-326) and insecure credential storage (CWE-522). Successful exploitation allows an attacker to extract passwords, access credentials, or impersonate other users. Three specific vulnerabilities are identified: CVE-2025-0477 involves improper encryption of sensitive data stored in the database; CVE-2025-0497 and CVE-2025-0498 expose additional credential extraction and privilege escalation pathways in legacy versions.

What this means

What could happen

An attacker could extract stored passwords and credentials from FactoryTalk AssetCentre, allowing unauthorized access to the system and potential impersonation of other users with administrative privileges over your industrial assets and processes.

Who's at risk

Manufacturing, food & beverage, pharmaceutical, and utility operators who use FactoryTalk AssetCentre to manage automation asset inventories, configurations, and access control. Any facility relying on this platform to track and secure industrial equipment is affected.

How it could be exploited

An attacker with network access to FactoryTalk AssetCentre could exploit weak cryptography or insecure credential storage to extract plaintext or easily decryptable passwords from the database. With credentials in hand, they could log in as a legitimate user and modify asset configurations, control setpoints, or disable safety functions across your plant.

Prerequisites

Network access to FactoryTalk AssetCentre application port
FactoryTalk AssetCentre version prior to 15.00.01 deployed
Database containing stored credentials accessible or extractable via the application

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)affects system access control

Exploitability

Some exploitation risk — EPSS score 1.4%

Affected products (1)

ProductAffected VersionsFix Status

FactoryTalk AssetCentre: <V15.00.001<V15.00.00115.00.01

Remediation & Mitigation

0/6

Do now

0/2

HARDENINGRestrict database access to only essential users and service accounts

HARDENINGRestrict physical access to the FactoryTalk AssetCentre server to authorized personnel only

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate FactoryTalk AssetCentre to version 15.00.01 or later

HOTFIXFor legacy versions: install Rockwell Automation January 2025 monthly patch rollup or later to patch LogCleanUp and ArchiveLogCleanUp functions

HOTFIXFor legacy versions: locate article BF31148, download and install patches for EventLogAttachmentExtractor and ArchiveExtractor

Long-term hardening

0/1

HARDENINGEnforce network segmentation to limit FactoryTalk AssetCentre access to engineering workstations and trusted administrative hosts

CVEs (3)

CVE-2025-0477 CVE-2025-0497 CVE-2025-0498

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/99d76c75-d9ec-40e2-8a63-c0c35be35fd6

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.