PatchSiren cyber security CVE debrief
CVE-2025-0498 Rockwell Automation CVE debrief
CVE-2025-0498 is a high-severity data exposure issue in Rockwell Automation FactoryTalk AssetCentre. In versions prior to V15.00.001, FactoryTalk Security user tokens were stored insecurely, which could allow a threat actor to steal a token and impersonate another user. CISA published the advisory on 2025-01-30 under ICSA-25-030-05.
- Vendor: Rockwell Automation
- Product: FactoryTalk AssetCentre
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-01-30
- Original CVE updated: 2025-01-30
- Advisory published: 2025-01-30
- Advisory updated: 2025-01-30
Who should care
Industrial control system administrators, Rockwell Automation customers, OT/ICS security teams, and anyone responsible for FactoryTalk AssetCentre deployments prior to V15.00.001 should prioritize this issue.
Technical summary
The advisory states that FactoryTalk AssetCentre versions before V15.00.001 insecurely stored FactoryTalk Security user tokens. If an attacker can access those tokens, the impact includes impersonation of another user. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: the attack vector is local, attack complexity is low, no privileges are required, user interaction is required, scope is unchanged, and the confidentiality, integrity, and availability impacts are all high.
Defensive priority
High. The vulnerability is rated 7.8 (HIGH), affects a widely used OT/ICS product, and can enable identity impersonation. Remediation should be prioritized for any deployment running a vulnerable version.
Recommended defensive actions
- Update FactoryTalk AssetCentre to v15.00.001 or later.
- For legacy versions, apply the Rockwell Automation January 2025 monthly patch rollup or later as directed in the advisory.
- Restrict physical access to the machine to authorized users, per vendor guidance.
- Review and follow Rockwell Automation's security best practices for industrial automation control systems.
- Verify which systems are running FactoryTalk AssetCentre prior to v15.00.001 and schedule remediation promptly.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-030-05 and the embedded vendor remediation notes. The advisory describes insecure storage of FactoryTalk Security user tokens in FactoryTalk AssetCentre versions before V15.00.001 and recommends upgrading to v15.00.001 or later, or applying the January 2025 monthly patch rollup for legacy versions. The CVSS vector provided in the source data is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. No KEV entry was supplied in the corpus.
Official resources
- CVE-2025-0498 CVE record (CVE.org)
- CVE-2025-0498 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the advisory on 2025-01-30. The provided source corpus lists the issue as an initial publication with no later modifications and no KEV entry.