These vulnerabilities in Rockwell Automation Verve Asset Manager could allow attackers to access sensitive data stored in environment variables and during playbook execution. The issues impact various versions and are associated with insecure storage practices—highlighting the importance of securing industrial control systems. #RockwellAutomation #VerveAssetManager
Keypoints
- The vulnerabilities involve insecure storage of sensitive information in legacy components of Verve Asset Manager.
- Versions affected include 1.33 through 1.41.3, with older components retired in 2024.
- CVE-2025-14376 and CVE-2025-14377 relate to unencrypted data stored in environment variables and during playbook execution.
- Organizations are advised to implement network protections, use VPNs securely, and assess risks before deploying defenses.
- No public exploits for these vulnerabilities have been reported at this time.
Read More: https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-03