Summary
Successful exploitation of these vulnerabilities may allow an attacker to access sensitive information stored in variables within the ADI server.
The following versions of Rockwell Automation Verve Asset Manager are affected:
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
- Verve Asset Manager (CVE-2025-14376, CVE-2025-14377)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 7.9 | Rockwell Automation | Rockwell Automation Verve Asset Manager | Insecure Storage of Sensitive Information, Cleartext Storage of Sensitive Information |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States
Vulnerabilities
CVE-2025-14376
A security issue was discovered within the legacy ADI server component of Verve Asset Manager, where unencrypted sensitive data was stored in environment variables. This component was retired and became optional beginning with the 1.36 release in 2024.
Affected Produc
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories
Read the original article:
Read the original article: