Rockwell FactoryTalk Activation Manager Lack of Encryption Vulnerability
Monitor | 7.1 | SD1741 | Sep 9, 2025
Summary
Rockwell FactoryTalk Activation Manager fails to encrypt sensitive authentication and license data in transit and at rest. All versions are affected. An attacker with network access to FactoryTalk Activation Manager traffic or the host can intercept unencrypted credentials and licensing information, potentially leading to unauthorized access to engineering workstations and systems.
What this means
What could happen
An attacker with network access could intercept unencrypted credentials and license keys, gaining unauthorized access to engineering workstations and HMI/SCADA systems that depend on FactoryTalk licensing and activation.
Who's at risk
Manufacturing facilities, food and beverage plants, water authorities, and electric utilities running Rockwell FactoryTalk engineering platforms should care about this vulnerability. Any facility using FactoryTalk View, PLC programming software, or SCADA systems that depend on FactoryTalk Activation Manager for licensing is affected.
How it could be exploited
An attacker positioned on the network (man-in-the-middle) or with access to the FactoryTalk Activation Manager host can capture unencrypted authentication traffic or read credentials stored on disk. The attacker can then use these credentials to access engineering tools or bypass licensing controls to access systems normally restricted to authorized personnel.
Prerequisites
- Network visibility or access to FactoryTalk Activation Manager communication traffic
- Or direct file system access to the host running FactoryTalk Activation Manager
- Knowledge of FactoryTalk system architecture and credential formats
- No patch available
- Affects engineering workstations and system access controls
- Unencrypted credentials and licensing data exposed
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| FactoryTalk Activation Manager | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation to isolate FactoryTalk Activation Manager and engineering workstations from untrusted networks
- WORKAROUND: Restrict network access to FactoryTalk Activation Manager to only authorized engineering workstations using firewall rules and ACLs
- HARDENING: Deploy VPN or encrypted tunnels for all remote engineering access to systems using FactoryTalk
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption.
- HARDENING: Monitor and audit access to FactoryTalk Activation Manager hosts for unauthorized credential capture attempts
- HARDENING: Review and secure physical and logical access controls to engineering workstations and servers running FactoryTalk
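One way to verify the firewall/ACL restriction and support the access monitoring recommended above, as an added example that is not part of the advisory or any Rockwell tooling: it scans exported flow records for permitted connections to the Activation Manager host from sources outside the authorized engineering workstation list. The addresses, the CSV layout and the port values are constructed assumptions; substitute your own inventory and log format.

```python
import csv
import io
import ipaddress

# Assumed values for illustration only; replace with your own inventory.
ACTIVATION_HOSTS = {ipaddress.ip_address("10.20.0.5")}       # hypothetical Activation Manager host
AUTHORIZED_SOURCES = [ipaddress.ip_network("10.20.1.0/28")]  # hypothetical engineering workstations

# Constructed sample flow records (not real traffic): time,src,dst,dst_port,action
SAMPLE_FLOWS = """\
2025-09-10T08:01:12Z,10.20.1.4,10.20.0.5,27000,allow
2025-09-10T08:03:40Z,10.30.7.21,10.20.0.5,27000,allow
2025-09-10T08:04:02Z,10.30.7.21,10.20.0.5,27000,deny
2025-09-10T08:05:55Z,10.20.1.9,10.20.0.9,445,allow
2025-09-10T08:07:31Z,not-an-ip,10.20.0.5,27000,allow
"""


def audit_flows(text, hosts=ACTIVATION_HOSTS, allowed=AUTHORIZED_SOURCES):
    """Return (violations, malformed).

    violations: permitted flows that reached an activation host from a source
    outside the allow-list. malformed: rows that could not be parsed.
    """
    violations, malformed = [], []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        try:
            ts, src, dst, port, action = row
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port_no = int(port)
        except ValueError:
            malformed.append(row)  # surface unparsable rows instead of dropping them
            continue
        if dst_ip not in hosts or action != "allow":
            continue  # other destination, or traffic the firewall already blocked
        if not any(src_ip in net for net in allowed):
            violations.append((ts, src, port_no))
    return violations, malformed


if __name__ == "__main__":
    found, bad = audit_flows(SAMPLE_FLOWS)
    for ts, src, port_no in found:
        print(f"{ts} unauthorized source {src} reached activation host on port {port_no}")
    print(f"{len(bad)} malformed row(s) need manual review")
```
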
CVEs (1)
API:
/api/v1/advisories/3e6780a8-8344-4c59-98b5-11161290cfa0