Primary

Context

Rockwell Automation Verve Asset Manager Plaintext Storage Vulnerability in Ansible Playbook Component

Vulnerability

A vulnerability exists in the legacy Ansible playbook component of Verve Asset Manager, versions 1.33 through 1.41.3, due to plaintext secrets being improperly stored during playbook execution. This component has been retired and was optional since the 1.36 release in 2024.

Impact

The vulnerability allows for the insecure storage of sensitive information, with plaintext secrets being exposed while a playbook is running.

Remediation

Users can upgrade to Verve Asset Manager version 1.42, where this component has been fully removed. For those unable to upgrade, Rockwell Automation recommends following their security best practices.

Added: Jan 20, 2026, 2:36 PM

Updated: Jan 20, 2026, 2:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rockwell Automation Verve Asset Manager Plaintext Storage Vulnerability in Ansible Playbook Component

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating