A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a token and, impersonate another user.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.