Rockwell Automation FactoryTalk Linx Network Browser Security Bypass Vulnerability

Vulnerability

A security bypass vulnerability has been identified in the FactoryTalk Linx Network Browser. By changing the process environment variable 'NODE_ENV' to 'development', an attacker can disable FTSP token validation. This bypass allows unauthorized access to create, update, and delete FTLinx drivers. The vulnerability affects all versions of FactoryTalk Linx prior to 6.50.
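The class of flaw described above, authorization gated on an environment flag, is shown here beside a hardened form. This is an added illustration, not FactoryTalk Linx code and not from the vendor; the function names and the HMAC-based token are assumptions standing in for FTSP token validation, whose format the advisory does not describe.

```javascript
// Added illustration: generic Node.js pattern, not FactoryTalk Linx source.
const crypto = require('crypto');

// Constructed sample secret and token scheme (HMAC over the user name),
// a hypothetical stand-in for FTSP token validation.
const SECRET = 'constructed-sample-secret';
const sign = (user) =>
  crypto.createHmac('sha256', SECRET).update(user).digest('hex');

function tokenIsValid(user, token) {
  const expected = Buffer.from(sign(user), 'hex');
  const given = Buffer.from(String(token || ''), 'hex');
  // Length check first: timingSafeEqual throws on unequal lengths.
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

// Weak: the decision depends on a value that anyone able to set the
// process environment controls, so validation can be switched off.
function authorizeWeak(req, env = process.env) {
  if (env.NODE_ENV === 'development') return true; // validation skipped
  return tokenIsValid(req.user, req.token);
}

// Hardened: validation is unconditional. NODE_ENV may change diagnostics
// (here, an extra log line) but never the authorization result.
function authorizeHardened(req, env = process.env) {
  const ok = tokenIsValid(req.user, req.token);
  if (!ok && env.NODE_ENV === 'development') {
    console.warn('rejected driver request: invalid token for', req.user);
  }
  return ok;
}
```

When reviewing code for this pattern, look for any authentication or authorization branch that reads NODE_ENV or a similar debug switch.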

Impact

Exploiting this vulnerability allows for unauthorized creation, modification, and deletion of FTLinx drivers.

Remediation

Users should update to FactoryTalk Linx version 6.50 or later. Those unable to upgrade should apply security best practices.

Added: Aug 14, 2025, 3:55 PM
Updated: Aug 14, 2025, 3:55 PM