Cyber Resilience

CVE-2025-0477

Critical

Published: 30 January 2025

Published
30 January 2025
Modified
04 November 2025
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0143 81.1th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0477 is a critical-severity Insufficiently Protected Credentials (CWE-522) vulnerability in Rockwellautomation Factorytalk Assetcentre. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked in the top 18.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-13 (Cryptographic Protection).

Deeper analysis

An encryption vulnerability affects all versions of Rockwell Automation FactoryTalk AssetCentre prior to V15.00.001. It stems from use of a weak encryption methodology, which is tracked as CWE-522 and enables extraction of passwords that belong to other application users. The issue carries a CVSS 4.0 score of 9.3 with a network attack vector and no required privileges or user interaction.

A remote unauthenticated attacker can exploit the flaw to obtain credentials stored by other users, thereby gaining unauthorized access that may lead to full compromise of confidentiality, integrity, and availability within the affected system.

The vendor advisory published by Rockwell Automation directs customers to upgrade to version V15.00.001 to address the weakness. The associated EPSS score remains low, with a current value of 0.0143 and a peak of 0.0173.

EU & UK References

Vulnerability details

An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
T1078 Valid Accounts Stealth
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Weak encryption (CWE-522) directly enables extraction of other users' passwords (T1552 Unsecured Credentials); extracted credentials then facilitate unauthorized access via valid accounts (T1078).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0498Same product: Rockwellautomation Factorytalk Assetcentre
CVE-2025-0497Same product: Rockwellautomation Factorytalk Assetcentre
CVE-2025-7972Same vendor: Rockwellautomation
CVE-2025-9278Same vendor: Rockwellautomation
CVE-2025-9279Same vendor: Rockwellautomation
CVE-2025-9064Same vendor: Rockwellautomation
CVE-2025-9464Same vendor: Rockwellautomation
CVE-2025-9280Same vendor: Rockwellautomation
CVE-2025-9161Same vendor: Rockwellautomation
CVE-2025-26492Shared CWE-522

Affected Assets

rockwellautomation
factorytalk assetcentre
≤ 15.00.01

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely identification, reporting, and correction of flaws like the weak encryption vulnerability through patching to V15.00.001 or later.

prevent

Requires implementation of approved cryptographic mechanisms to protect sensitive data such as stored passwords, directly countering the weak encryption methodology.

prevent

Ensures secure management and protection of authenticators including passwords, preventing storage with weak encryption that allows extraction.

References