1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk AssetCentre
- Vulnerabilities: Inadequate Encryption Strength, Insufficiently Protected Credentials
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to extract passwords, access, credentials, or impersonate other users.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation FactoryTalk AssetCentre are affected:
- FactoryTalk AssetCentre: All versions prior to V15.00.001
3.2 Vulnerability Overview
3.2.1 INADEQUATE ENCRYPTION STRENGTH CWE-326
An encryption vulnerability exists in all versions prior to V15.00.001 of FactoryTalk AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application.
CVE-2025-0477 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-0477. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 INSUFFICIENTLY PROTEC
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories
Read the original article:
Read the original article: