CVE-2025-0477 – A critical encryption vulnerability in Rockwell... (How to Fix)

Q: What is the severity of CVE-2025-0477?

CVE-2025-0477 has a CVSS score of 9.8 (CRITICAL). A critical encryption vulnerability in Rockwell Automation FactoryTalk AssetCentre allows attackers to extract other users' passwords due to weak encryption methodology. All versions before V15.00.001 are affected, potentially compromising industrial control system security.

📋 TL;DR

A critical encryption vulnerability in Rockwell Automation FactoryTalk AssetCentre allows attackers to extract other users' passwords due to weak encryption methodology. All versions before V15.00.001 are affected, potentially compromising industrial control system security.

💻 Affected Systems

Products:

Rockwell Automation FactoryTalk AssetCentre

Versions: All versions prior to V15.00.001

Operating Systems: Windows (as FactoryTalk AssetCentre is Windows-based)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all installations regardless of configuration due to inherent encryption weakness.

📦 What is this software?

Factorytalk Assetcentre by Rockwellautomation

View all CVEs affecting Factorytalk Assetcentre →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of FactoryTalk AssetCentre with credential theft leading to lateral movement across industrial networks, potential sabotage of industrial processes, and data exfiltration.

🟠

Likely Case

Unauthorized access to FactoryTalk AssetCentre with privilege escalation, credential harvesting, and potential access to connected industrial systems.

🟢

If Mitigated

Limited impact if strong network segmentation, access controls, and monitoring prevent exploitation attempts from reaching vulnerable systems.

🌐 Internet-Facing: HIGH if exposed to internet, as CVSS 9.8 indicates network-accessible attack vector with no authentication required.

🏢 Internal Only: HIGH even internally, as weak encryption allows credential extraction once access is gained to the system or its data.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Weak encryption vulnerabilities typically have low exploitation complexity once the methodology is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V15.00.001

Vendor Advisory: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html

Restart Required: Yes

Instructions:

1. Download FactoryTalk AssetCentre V15.00.001 from Rockwell Automation. 2. Backup current configuration and data. 3. Install the update following vendor documentation. 4. Restart the system. 5. Verify successful installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate FactoryTalk AssetCentre from untrusted networks and limit access to authorized users only.

Access Control Hardening

windows

Implement strict access controls, multi-factor authentication, and least privilege principles.

🧯 If You Can't Patch

Implement network segmentation to isolate vulnerable systems from critical assets
Enhance monitoring and logging for suspicious access attempts to FactoryTalk AssetCentre

🔍 How to Verify

Check if Vulnerable:

Check FactoryTalk AssetCentre version in application interface or Windows Programs and Features. If version is below V15.00.001, system is vulnerable.

Check Version:

Check via FactoryTalk AssetCentre GUI or Windows Control Panel > Programs and Features

Verify Fix Applied:

Verify version shows V15.00.001 or higher in application interface or Windows Programs and Features.

📡 Detection & Monitoring

Log Indicators:

Unusual access patterns to FactoryTalk AssetCentre
Failed authentication attempts followed by successful access
Unexpected credential changes or access

Network Indicators:

Unusual network traffic to/from FactoryTalk AssetCentre ports
Connection attempts from unauthorized IP addresses

SIEM Query:

source="FactoryTalk AssetCentre" AND (event_type="authentication" OR event_type="access") | stats count by src_ip, user

📊 Metadata

CVE ID: CVE-2025-0477

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-522

EPSS Score: 0.46% exploit probability (63.6th percentile)

Published: January 30, 2025

Last Updated: November 4, 2025

🔗 References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-0477, you might also want to check these: