A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages.

Project Subscriptions

Vendors Products
Rockwellautomation Subscribe
Factorytalk Assetcentre Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2025-1717 A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages.
Fixes

Solution

Corrected in: V11, V12, and V13 (patch available) V15.00.01 and later


Workaround

No workaround given by the vendor.

History

Tue, 04 Nov 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation factorytalk Assetcentre
CPEs cpe:2.3:a:rockwellautomation:factorytalk_assetcentre:*:*:*:*:*:*:*:*
Vendors & Products Rockwellautomation
Rockwellautomation factorytalk Assetcentre
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 12 Feb 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 30 Jan 2025 17:45:00 +0000

Type Values Removed Values Added
Description A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages.
Title Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability
Weaknesses CWE-522
References
Metrics cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published:

Updated: 2025-02-12T19:51:11.273Z

Reserved: 2025-01-15T15:46:06.135Z

Link: CVE-2025-0497

cve-icon Vulnrichment

Updated: 2025-02-12T19:44:30.433Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-30T18:15:32.493

Modified: 2025-11-04T17:22:08.150

Link: CVE-2025-0497

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses