Primary

Context

Rockwell Automation FactoryTalk AssetCentre Data Exposure Vulnerability

Vulnerability

Patched

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk AssetCentre. This vulnerability arises from the insecure storage of credentials in the configuration files of certain packages, which could allow unauthorized access to sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to stored credentials, allowing an attacker to impersonate users or access sensitive data.

Remediation

Users are advised to update FactoryTalk AssetCentre to V15.00.01 or later. For those on legacy versions, patches are available through the Rockwell Automation January 2025 Monthly Patch rollup or by following specific instructions for certain packages.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.1

exploitability

3.5

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.1

exploitability

3.5

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rockwell Automation FactoryTalk AssetCentre Data Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Rockwell Automation FactoryTalk® AssetCentre

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating