Rockwell Automation Verve Asset Manager

Status: Plan Patch
CVSS: 9.1
ICS-CERT: ICSA-25-084-02
Date: Mar 25, 2025
Rockwell Automation
Attack path
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

Rockwell Automation Verve Asset Manager versions 1.39 and earlier contain a vulnerability that allows an attacker with administrative access to run arbitrary commands in the context of the container running the service. The vulnerability has a CVSS v3.1 score of 9.1 and is classified as CWE-1287. This issue requires high-privilege access but can affect the confidentiality, integrity, and availability of the system.

What this means
What could happen
An attacker with administrative credentials could execute arbitrary commands on the Verve Asset Manager service container, potentially compromising asset visibility, configuration data, and control system access. This could enable further attacks on connected industrial systems or theft of operational intelligence.
Who's at risk
Asset managers and network monitoring platforms in utility and manufacturing environments. Organizations using Verve Asset Manager for visibility into industrial control system devices and equipment configurations should prioritize patching. This affects IT staff responsible for asset management and OT security personnel who rely on this platform for system inventory and compliance tracking.
How it could be exploited
An attacker with valid administrative account credentials logs into Verve Asset Manager and exploits the vulnerability to execute arbitrary commands within the container runtime environment, gaining full command-line access to the service context.
Prerequisites
  • Valid Verve Asset Manager administrative credentials
  • Network access to Verve Asset Manager administrative interface
  • Knowledge of container-level command execution techniques
  • Critical CVSS score (9.1)
  • Requires administrative credentials (high barrier to exploitation)
  • Container escape potential affects integrity and availability
  • Affects asset visibility systems used for OT security
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (1)
Product: Verve Asset Manager
Affected Versions: ≤ 1.39
Fix Status: 1.40
Remediation & Mitigation
Do now
HARDENING: Restrict administrative access to Verve Asset Manager to authorized personnel only and enforce strong password policies
HARDENING: Implement network access controls to limit connections to Verve Asset Manager from trusted administrative networks only
WORKAROUND: Monitor Verve Asset Manager logs for unauthorized administrative login attempts or unusual command execution
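The monitoring workaround above can be turned into a small log review. The following Python is an added example for this advisory, not code from Rockwell Automation or from the Verve product: it assumes a simple line-oriented log layout (timestamp, event, user, role, source address, optional detail), a trusted administrative subnet of 10.10.0.0/24, and a handful of constructed sample lines. It flags repeated failed administrative logins, successful administrative logins from outside the trusted network, and any command executed in the service container under an administrative session, which are the three signals the hardening and workaround items call for.

```python
import ipaddress
import re
from dataclasses import dataclass

# Management subnet allowed to reach the Verve Asset Manager admin interface.
# Assumed value for this example; substitute the real one for your site.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/24")]

# Failed administrative logins from one (user, source) pair that trigger a finding.
FAIL_THRESHOLD = 3

# Assumed log line layout (constructed for this example, not Verve's real format):
#   <timestamp> <event> user=<name> role=<role> src=<ip> [detail="<text>"]
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<event>\S+) user=(?P<user>\S+) role=(?P<role>\S+) '
    r'src=(?P<src>\S+)(?: detail="(?P<detail>[^"]*)")?$'
)

REPEATED_FAILED_ADMIN_LOGIN = "repeated_failed_admin_login"
ADMIN_LOGIN_UNTRUSTED_SOURCE = "admin_login_untrusted_source"
CONTAINER_COMMAND_EXEC = "container_command_exec"


@dataclass
class Finding:
    ts: str
    user: str
    src: str
    reason: str
    detail: str = ""


def is_trusted(src: str, nets=None) -> bool:
    """True when the source address lies inside one of the trusted admin networks."""
    nets = TRUSTED_ADMIN_NETS if nets is None else nets
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source address is never trusted
    return any(addr in net for net in nets)


def review(lines, nets=None):
    """Walk log lines in order and return the findings a defender should look at."""
    findings = []
    failures = {}  # (user, src) -> failed admin logins seen so far
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed layout
        ev = m.groupdict()
        if ev["role"] != "admin":
            continue  # only administrative activity matters for this advisory
        key = (ev["user"], ev["src"])
        if ev["event"] == "login_failed":
            failures[key] = failures.get(key, 0) + 1
            if failures[key] == FAIL_THRESHOLD:  # report once, at the threshold
                findings.append(Finding(ev["ts"], ev["user"], ev["src"], REPEATED_FAILED_ADMIN_LOGIN))
        elif ev["event"] == "login_ok" and not is_trusted(ev["src"], nets):
            findings.append(Finding(ev["ts"], ev["user"], ev["src"], ADMIN_LOGIN_UNTRUSTED_SOURCE))
        elif ev["event"] == "command_exec":
            # Any command run in the service container from an admin session is worth review.
            findings.append(Finding(ev["ts"], ev["user"], ev["src"], CONTAINER_COMMAND_EXEC, ev["detail"] or ""))
    return findings


# Constructed sample log: a normal admin login from the trusted subnet, then a
# brute-force pattern from an outside address that ends in a login and a command.
SAMPLE_LOG = """\
2025-03-26T08:00:01Z login_ok user=ot-admin role=admin src=10.10.0.5
2025-03-26T08:05:12Z login_failed user=ot-admin role=admin src=203.0.113.7
2025-03-26T08:05:15Z login_failed user=ot-admin role=admin src=203.0.113.7
2025-03-26T08:05:19Z login_failed user=ot-admin role=admin src=203.0.113.7
2025-03-26T08:06:02Z login_ok user=ot-admin role=admin src=203.0.113.7
2025-03-26T08:06:40Z command_exec user=ot-admin role=admin src=203.0.113.7 detail="container-command"
2025-03-26T09:00:00Z login_ok user=operator role=viewer src=10.10.0.9
""".splitlines()

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.ts} {f.reason} user={f.user} src={f.src} {f.detail}".rstrip())
```

Run against the constructed sample, the review yields three findings, all tied to the outside address 203.0.113.7: the third failed login, the successful login from outside the trusted subnet, and the container command that followed. The viewer-role login and the admin login from 10.10.0.5 produce nothing, which is the behaviour you want once the network access control item is in place.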
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Verve Asset Manager to version 1.40 or later