Loading

Admin Shell Access Vulnerability in Verve Asset Manager

Severity:
High,
Critical
Advisory ID:
SD1723
Date de publication:
March 20, 2025
Date de la dernière mise à jour:
March 20, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Non
Corrected:
Oui
Workaround:
Non
CVE IDs
CVE-2025-1449
Téléchargements
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
CVE-2025-1449
Résumé

Published Date: 3/25/25

Revision Number: 1.0

 

AFFECTED PRODUCTS AND SOLUTION

 

 

Affected Product

 

 

 

 

Affected Version(s)

 

 

 

 

Corrected in Software Revision 

 

 

 

 

Verve Asset Manager 

 

 

 

 

<=1.39

 

 

 

 

V1.40

 

 

 

VULNERABILITY DETAILS 

Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.

CVE-2025-1449 IMPACT

A vulnerability exists in the affected product due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service. 

CVSS Base Score v3.1: 9.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

 

CVSS Base Score v4.0: 8.9

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE: CWE-1287: Improper Validation of Specified Type of Input

 

Known Exploited Vulnerability (KEV) database:  No

 

Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment specific prioritization.

 

Mitigations and Workarounds 

Customers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.   

  • Security Best Practices

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rõôckwéêll Æýýtõômåätíîõôn Hõôméê Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Veuillez mettre à jour vos préférences en matière de cookies pour continuer.
Cette fonctionnalité nécessite des cookies pour améliorer votre expérience. Veuillez mettre à jour vos préférences pour autoriser ces cookies:
  • Cookies de réseaux sociaux
  • Cookies fonctionnels
  • Cookies de performances
  • Cookies marketing
  • Tous les cookies
Vous pouvez mettre à jour vos préférences à tout moment. Pour plus d'informations, veuillez consulter notre politique de confidentialité
CloseClose