Primary

Context

Rockwell Automation Verve Asset Manager Legacy ADI Server Component Plaintext Secret Vulnerability

Vulnerability

A vulnerability exists in the legacy ADI server component of Verve Asset Manager, due to plaintext secrets being stored in environment variables on the ADI server. This component has been retired and was optional since the 1.36 release in 2024.

Impact

The vulnerability allows for the insecure storage of sensitive information, with plaintext secrets being exposed in environment variables.

Remediation

Users can upgrade to Verve Asset Manager version 1.42 or later, where this component has been fully removed. For those unable to upgrade, Rockwell Automation recommends following their security best practices.

Added: Jan 20, 2026, 2:33 PM

Updated: Jan 20, 2026, 2:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.4

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.4

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rockwell Automation Verve Asset Manager Legacy ADI Server Component Plaintext Secret Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating