CVE-2025-0497

CVE-2025-0497 is a data exposure vulnerability affecting all versions prior to V15.00.001 of Rockwell Automation FactoryTalk AssetCentre. The issue stems from credentials being stored in plaintext within the configuration files of the EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages, mapped to CWE-522 (Insufficiently Protected Credentials). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its critical severity due to high impacts across confidentiality, integrity, and availability.

The vulnerability can be exploited by any unauthenticated attacker with network access to the affected system, requiring low complexity and no user interaction. By accessing the exposed configuration files, an attacker can retrieve stored credentials, enabling potential unauthorized access to FactoryTalk AssetCentre functions or related systems, with severe consequences for confidentiality, integrity, and availability as scored.

Mitigation details are provided in the Rockwell Automation security advisory at https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html, published on 2025-01-30.