CVE-2025-0477 Rockwell Automation CVE debrief

Who should care

OT/ICS administrators, Rockwell Automation FactoryTalk AssetCentre operators, database administrators supporting the product, and security teams responsible for industrial environments and privileged application access.

Technical summary

The CSAF advisory describes an encryption weakness in FactoryTalk AssetCentre prior to V15.00.001. The sensitive data is stored in a database table, and weak encryption could permit disclosure of other users’ passwords. Rockwell Automation’s remediation is to update to v15.00.01 or later and limit database access to non-essential users. CISA also points to industrial security best practices as additional risk reduction measures.

Defensive priority

Critical

Recommended defensive actions

• Upgrade FactoryTalk AssetCentre to v15.00.01 or later as recommended by Rockwell Automation.
• Restrict access to the application database to essential personnel only.
• Review who can access, administer, and query FactoryTalk AssetCentre credentials and related tables.
• Apply Rockwell Automation and CISA industrial control system security best practices to reduce exposure.
• Validate that affected systems are inventoried and prioritized for remediation in OT maintenance planning.

Evidence notes

The supplied CISA CSAF advisory (ICSA-25-030-05) states: "An encryption vulnerability exists in all versions prior to V15.00.001 of FactoryTalk AssetCentre" and that it "could allow a threat actor to extract passwords belonging to other users." The remediation section directs users to update to v15.00.01 or later and to control database access by non-essential users. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, consistent with the provided 9.8 Critical severity. The supplied data shows publication and modification on 2025-01-30 and no KEV entry.

Official resources