All CISA Advisories, EN

Rockwell Automation FactoryTalk Viewpoint

2025-08-14 18:08

1. EXECUTIVE SUMMARY

CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Rockwell Automation
Equipment: FactoryTalk Viewpoint
Vulnerability: Improper Handling of Insufficient Permissions or Privileges

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in full privilege escalation.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following version of FactoryTalk Viewpoint is affected:

FactoryTalk Viewpoint: Version 14.00 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation.

CVE-2025-7973 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7973. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATIO

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Rockwell Automation FactoryTalk Viewpoint

Share this:
Facebook
X
LinkedIn

Related

Tags: All CISA Advisories EN

Post navigation

← Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT

Rockwell FactoryTalk Linx →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

Navigating Complexity: CISO Strategies for Security Tool Consolidation and Budget Optimization October 1, 2025

Top 10 Best Vulnerability Management Software in 2025 October 1, 2025

Shortcut-based Credential Lures Deliver DLL Implants October 1, 2025

Landmark US cyber-information-sharing program expires, bringing uncertainty October 1, 2025

Data breach at Canadian airline WestJet affects 1.2M passengers October 1, 2025

UK government tries again to access encrypted Apple customer data: report October 1, 2025

KnowBe4 Is a Proud Participant in the Microsoft Security Store Partner Ecosystem October 1, 2025

200,000 More SIM Cards Found Linked to Secret Telecom Network in NYC October 1, 2025

Proofpoint Previews Strategy for Applying AI Agents to Better Secure Data October 1, 2025

Learn How Leading Security Teams Blend AI + Human Workflows (Free Webinar) October 1, 2025

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps October 1, 2025

IT Security News Hourly Summary 2025-10-01 15h : 16 posts October 1, 2025

Ukraine Warns of Weaponized XLL Files Delivering CABINETRAT Malware via Zip Archives October 1, 2025

World’s Largest Crypto Seizure Nets £5.5 Billion in Bitcoin October 1, 2025

Final 3 days to score extra discounts on community passes to TechCrunch Disrupt 2025 October 1, 2025

Navigating Holiday Threats: Strengthening PC Resilience with Desktops as a Service (DaaS) October 1, 2025

Gemini AI flaws could have exposed your data October 1, 2025

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks October 1, 2025

North Korea’s IT workers are targeting firms beyond tech, crypto, and the U.S. October 1, 2025

Detour Dog’s DNS Hijacking Infects 30,000 Websites with Strela Stealer October 1, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}