Rockwell Automation Verve Asset Manager Admin Shell Access Vulnerability

Vulnerability

Rockwell Automation Verve Asset Manager contains a vulnerability caused by inadequate variable sanitization. It affects the administrative web interface of Verve's Legacy Agentless Device Inventory (ADI) feature, which has been deprecated since version 1.36. Users with administrative access can modify variables whose values are not properly sanitized. Exploiting this flaw could enable these users to execute arbitrary commands within the context of the container hosting the service.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands in the context of the service's running container.

Remediation

Users can upgrade to Verve Asset Manager version 1.40 to address this vulnerability. For those unable to upgrade, it is recommended to follow general security best practices.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.