Rockwell Automation FactoryTalk AssetCentre Encryption Vulnerability Allowing Password Extraction

Vulnerability

A vulnerability exists in all versions of Rockwell Automation FactoryTalk AssetCentre prior to V15.00.001, due to a weak encryption methodology. This encryption vulnerability could allow a threat actor to extract passwords of other users within the application.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user accounts by allowing the extraction of passwords from the application's database.

Remediation

Users are advised to update FactoryTalk AssetCentre to V15.00.01 or later. Additionally, restrict access to the database so that non-essential users cannot read the encrypted data.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 7.0
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.