What is the severity of CVE-2025-0497?

CVE-2025-0497 has been classified as a data exposure vulnerability that poses significant security risks.

Which versions of Rockwell Automation FactoryTalk AssetCentre are affected by CVE-2025-0497?

CVE-2025-0497 affects all versions of Rockwell Automation FactoryTalk AssetCentre prior to V15.00.001.

How do I fix CVE-2025-0497?

To mitigate CVE-2025-0497, upgrade Rockwell Automation FactoryTalk AssetCentre to version V15.00.001 or later.

What kind of data is exposed due to CVE-2025-0497?

CVE-2025-0497 exposes sensitive credentials due to improper storage in configuration files.

Is there a workaround for CVE-2025-0497 until I can upgrade?

There are no official workarounds for CVE-2025-0497, so upgrading is the recommended course of action.

Vulnerability/
CVE-2025-0497

high

7.3

CWE

522

30/1/2025

CVE-2025-0497: Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability

First published: Thu Jan 30 2025(Updated: )

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages.

Credit: PSIRT@rockwellautomation.com

Affected Software	Affected Version	How to fix
Rockwell Automation FactoryTalk AssetCentre	<V15.00.001

Remedy

Corrected in: V11, V12, and V13 (patch available) V15.00.01 and later

Never miss a vulnerability like this again

Reference Links

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html

Frequently Asked Questions

What is the severity of CVE-2025-0497?
CVE-2025-0497 has been classified as a data exposure vulnerability that poses significant security risks.
Which versions of Rockwell Automation FactoryTalk AssetCentre are affected by CVE-2025-0497?
CVE-2025-0497 affects all versions of Rockwell Automation FactoryTalk AssetCentre prior to V15.00.001.
How do I fix CVE-2025-0497?
To mitigate CVE-2025-0497, upgrade Rockwell Automation FactoryTalk AssetCentre to version V15.00.001 or later.
What kind of data is exposed due to CVE-2025-0497?
CVE-2025-0497 exposes sensitive credentials due to improper storage in configuration files.
Is there a workaround for CVE-2025-0497 until I can upgrade?
There are no official workarounds for CVE-2025-0497, so upgrading is the recommended course of action.

collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/author
agent/source
agent/description
agent/type
agent/first-publish-date
agent/last-modified-date
agent/weakness
agent/severity
agent/title
agent/remedy
agent/references
agent/event
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
vendor/rockwell automation
canonical/rockwell automation factorytalk assetcentre

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.