ICSA-25-030-05  ·  Published 2025-01-30

Rockwell Automation FactoryTalk AssetCentre

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to extract passwords, access credentials, or impersonate other users.

Remediations

Rockwell Automation recommends that users apply the following mitigations:

  • For CVE-2025-0477: Update FactoryTalk AssetCentre to v15.00.01 or later. The encrypted data is stored in a table in the database. Control access to the database by non-essential users.
  • For CVE-2025-0497: Update FactoryTalk AssetCentre to v15.00.01 or later. Apply patches to correct legacy versions: To apply the patch for LogCleanUp or ArchiveLogCleanUp, download and install the Rockwell Automation January 2025 monthly patch rollup, or later. To apply patches for EventLogAttachmentExtractor or ArchiveExtractor, locate the article BF31148, download the patch files and follow the instructions. Restrict physical access to the machine to authorized users.
  • For CVE-2025-0498: Update FactoryTalk AssetCentre to v15.00.01 or later. Apply patches to correct legacy versions: To apply the patch for download and install the Rockwell Automation January 2025 monthly patch rollup, or later. Restrict physical access to the machine to authorized users.
  • For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices to minimize the risk of the vulnerability.
  • For more information about this issue, please see the advisory on the Rockwell Automation security page.

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · FactoryTalk AssetCentre <V15.00.001

Affected Sectors

Critical Manufacturing
