Rockwell Automation

Rockwell Automation encountered a high-severity security vulnerability (CVE-2025-1449) in its Verve Asset Manager, affecting all versions up to 1.39. The flaw, caused by inadequate input sanitization, could let attackers with administrative privileges execute arbitrary commands. With a CVSS base score of 9.1, the vulnerability poses a critical risk, potentially enabling disruption of industrial processes, unauthorized access to sensitive data, or a long-term presence within the network. Rockwell has released a patch in version 1.40 and recommends upgrading immediately to mitigate the issue.

Source: https://cybersecuritynews.com/rockwell-automation-vulnerability-let-attackers-gain-access/

TPRM report: https://scoringcyber.rankiteo.com/company/rockwell-automation

"id": "roc602040125",
"linkid": "rockwell-automation",
"type": "Vulnerability",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Industrial Automation',
                        'name': 'Rockwell Automation',
                        'type': 'Company'}],
 'attack_vector': 'Inadequate Input Sanitization',
 'description': 'Rockwell Automation encountered a high-severity security '
                'vulnerability (CVE-2025-1449) in its Verve Asset Manager, '
                'affecting all versions up to 1.39. The flaw, due to '
                'inadequate input sanitization, could let attackers with '
                'administrative privileges execute arbitrary commands. With a '
                'CVSS base score of 9.1, the vulnerability poses a critical '
                'risk, potentially enabling the disruption of industrial '
                'processes, unauthorized access to sensitive data, or '
                'long-term presence within the network.',
 'impact': {'operational_impact': 'Potential Disruption of Industrial '
                                  'Processes',
            'systems_affected': 'Verve Asset Manager'},
 'motivation': ['Disruption of Industrial Processes',
                'Unauthorized Access to Sensitive Data',
                'Long-term Presence Within the Network'],
 'post_incident_analysis': {'corrective_actions': 'Patch and Upgrade '
                                                  'Recommendations',
                            'root_causes': 'Inadequate Input Sanitization'},
 'recommendations': 'Immediate Upgrading to Version 1.40',
 'response': {'containment_measures': 'Patch Released in Version 1.40',
              'remediation_measures': 'Upgrade to Version 1.40'},
 'title': 'Rockwell Automation Verve Asset Manager Vulnerability '
          '(CVE-2025-1449)',
 'type': 'Vulnerability Exploit',
 'vulnerability_exploited': 'CVE-2025-1449'}