PatchSiren cyber security CVE debrief
CVE-2025-0497 Rockwell Automation CVE debrief
CVE-2025-0497 is a high-severity data exposure issue in Rockwell Automation FactoryTalk AssetCentre. According to CISA’s advisory, versions prior to V15.00.001 can store credentials in the configuration files used by EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages. The issue was publicly disclosed on 2025-01-30.
- Vendor: Rockwell Automation
- Product: FactoryTalk AssetCentre
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-01-30
- Original CVE updated: 2025-01-30
- Advisory published: 2025-01-30
- Advisory updated: 2025-01-30
Who should care
Industrial control system administrators, Rockwell Automation FactoryTalk AssetCentre operators, and teams responsible for privileged account management on systems running affected versions should review this advisory. Sites where AssetCentre hosts or processes sensitive credentials, especially on shared or locally accessible machines, should prioritize remediation.
Technical summary
The vulnerability is a data exposure weakness caused by credentials being stored in package configuration files. The affected scope in the advisory is FactoryTalk AssetCentre versions earlier than V15.00.001. CISA lists the issue with CVSS 3.1 vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, and Rockwell Automation’s remediation guidance points to upgrading to the fixed release and applying package-specific patches where applicable.
Defensive priority
High. This is a credential exposure issue affecting an industrial asset management product, and the advisory recommends direct remediation rather than monitoring alone.
Recommended defensive actions
- Upgrade FactoryTalk AssetCentre to V15.00.001 or later.
- Apply the Rockwell Automation January 2025 monthly patch rollup, or later, for LogCleanUp and ArchiveLogCleanUp.
- For EventLogAttachmentExtractor and ArchiveExtractor, follow Rockwell Automation article BF31148 and install the provided patch files.
- Restrict physical access to machines running affected packages to authorized users only.
- Review any credentials that may have been stored in affected configuration files and rotate them if exposure is suspected.
- Follow Rockwell Automation’s ICS security best practices for reducing risk on industrial automation control systems.
Evidence notes
All substantive claims are taken from the supplied CISA CSAF advisory for ICSA-25-030-05 and the linked Rockwell Automation remediation references. The advisory states the affected versions are prior to V15.00.001 and identifies credential storage in configuration files for EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, and ArchiveLogCleanUp as the cause. The supplied remediation text uses both V15.00.001 and V15.00.01 formatting; this debrief preserves the advisory's meaning and treats that release as the fixed-version threshold.
Official resources
- CVE-2025-0497 CVE record (CVE.org)
- CVE-2025-0497 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA on 2025-01-30 in advisory ICSA-25-030-05; no KEV listing is included in the supplied data.