nvd-json-data-feeds/CVE-2025/CVE-2025-04xx/CVE-2025-0498.json

{
  "id": "CVE-2025-0498",
  "sourceIdentifier": "PSIRT@rockwellautomation.com",
  "published": "2025-01-30T18:15:33.253",
  "lastModified": "2025-01-30T18:15:33.253",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk\u00ae AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk\u00ae Security user tokens, which could allow a threat actor to steal a token and, impersonate another user."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de exposici\u00f3n de datos en todas las versiones anteriores a la V15.00.001 de Rockwell Automation FactoryTalk\u00ae AssetCentre. La vulnerabilidad existe debido al almacenamiento inseguro de tokens de usuario de FactoryTalk\u00ae Security, lo que podr\u00eda permitir que un actor de amenazas robe un token y se haga pasar por otro usuario."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "PSIRT@rockwellautomation.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "LOW",
          "userInteraction": "PASSIVE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "PSIRT@rockwellautomation.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html",
      "source": "PSIRT@rockwellautomation.com"
    }
  ]
}