Rockwell Automation FactoryTalk ViewPoint Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in Rockwell Automation's FactoryTalk ViewPoint, specifically in versions 14.0 and earlier. The issue arises from improper management of Microsoft Installer (MSI) repair operations. During the repair process, attackers can take control of the cscript.exe console window, which runs with SYSTEM privileges. From that window, an attacker can open an elevated command prompt, resulting in full privilege escalation.

Impact

Exploitation of this vulnerability allows unauthorized users to gain elevated privileges, potentially leading to full control over the affected system.

Remediation

Users are advised to update to FactoryTalk ViewPoint version 15.0. For those unable to upgrade, security best practices should be followed.
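For hosts that cannot move to version 15.0 yet, process-creation telemetry can flag the behaviour described under Vulnerability: a SYSTEM-level command shell descending from cscript.exe that was itself started by msiexec.exe. The following is an added example, not part of the advisory or any Rockwell Automation tooling; it assumes records that use Sysmon Event ID 1 field names, and every event value in it is constructed.

```python
# Constructed process-creation records using Sysmon Event ID 1 field names.
# GUID values and the PLANT\operator account are placeholders, not real telemetry.
SYSTEM = r"NT AUTHORITY\SYSTEM"
SAMPLE_EVENTS = [
    {"ProcessGuid": "g1", "ParentProcessGuid": "g0", "User": SYSTEM,
     "Image": r"C:\Windows\System32\msiexec.exe"},
    {"ProcessGuid": "g2", "ParentProcessGuid": "g1", "User": SYSTEM,
     "Image": r"C:\Windows\System32\cscript.exe"},
    {"ProcessGuid": "g3", "ParentProcessGuid": "g2", "User": SYSTEM,
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ProcessGuid": "g4", "ParentProcessGuid": "g3", "User": SYSTEM,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ProcessGuid": "g5", "ParentProcessGuid": "g9", "User": r"PLANT\operator",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ProcessGuid": "g6", "ParentProcessGuid": "g7", "User": SYSTEM,
     "Image": r"C:\Windows\System32\cscript.exe"},
    {"ProcessGuid": "g8", "ParentProcessGuid": "g6", "User": SYSTEM,
     "Image": r"C:\Windows\System32\cmd.exe"},
]
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

def exe_name(image):
    """Lower-cased file name of a Windows image path."""
    return image.rsplit("\\", 1)[-1].lower()

def ancestors(event, by_guid):
    """Yield parent, grandparent, ... for as long as they appear in the log."""
    seen = set()
    guid = event["ParentProcessGuid"]
    while guid in by_guid and guid not in seen:  # 'seen' guards against loops
        seen.add(guid)
        yield by_guid[guid]
        guid = by_guid[guid]["ParentProcessGuid"]

def find_elevated_shells(events):
    """Return ProcessGuids of SYSTEM shells under msiexec.exe -> cscript.exe."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for ev in events:
        if exe_name(ev["Image"]) not in SHELLS or ev["User"].upper() != SYSTEM:
            continue
        chain = [exe_name(a["Image"]) for a in ancestors(ev, by_guid)]
        # cscript.exe must be an ancestor, with msiexec.exe further up the chain
        if "cscript.exe" in chain and "msiexec.exe" in chain[chain.index("cscript.exe") + 1:]:
            hits.append(ev["ProcessGuid"])
    return hits

if __name__ == "__main__":
    print(find_elevated_shells(SAMPLE_EVENTS))
```

Keying on ProcessGuid rather than ProcessId avoids false links when Windows reuses a PID; the SYSTEM shell under a cscript.exe with no msiexec.exe ancestor (g8) and the operator's own shell (g5) are deliberately not flagged.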

Added: Aug 14, 2025, 3:07 PM
Updated: Aug 14, 2025, 3:07 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.