CVE-2025-0477
Published: 30 January 2025
Summary
CVE-2025-0477 is a critical-severity Insufficiently Protected Credentials (CWE-522) vulnerability in Rockwell Automation FactoryTalk AssetCentre. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552). The CVE ranks in the top 19.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-13 (Cryptographic Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mandates timely identification, reporting, and correction of flaws like the weak encryption vulnerability through patching to V15.00.001 or later.
- Requires implementation of approved cryptographic mechanisms to protect sensitive data such as stored passwords, directly countering the weak encryption methodology.
- Ensures secure management and protection of authenticators including passwords, preventing storage with weak encryption that allows extraction.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Weak encryption (CWE-522) directly enables extraction of other users' passwords (T1552 Unsecured Credentials); extracted credentials then facilitate unauthorized access via valid accounts (T1078).
NVD Description
An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application.
Deeper analysis
CVE-2025-0477 is an encryption vulnerability (CWE-522) present in all versions of Rockwell Automation FactoryTalk AssetCentre prior to V15.00.001. The issue arises from a weak encryption methodology that enables threat actors to extract passwords belonging to other users of the application. Published on 2025-01-30, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its severe impacts.
The vulnerability can be exploited remotely by any unauthenticated attacker with network access, requiring low complexity and no user interaction or privileges. Successful exploitation allows the attacker to extract other users' passwords, potentially enabling unauthorized access to the application, manipulation of industrial assets, and broader compromise within FactoryTalk AssetCentre environments.
Rockwell Automation details mitigation in security advisory SD1721 at https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html, which recommends upgrading to version V15.00.001 or later to address the weak encryption.
Details
- CWE(s)