Loading

FactoryTalk® ViewPoint Privilege Escalation Vulnerability

Advisory ID:
SD1738
Published Date:
August 13, 2025
Last Updated:
August 13, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
Yes
Workaround:
No
CVE IDs
CVE-2025-7973
Downloads
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
Summary

Published Date: 8/14/2025 
Last Updated: 8/14/2025 
Revision Number: 1.0 
CVSS Score: 8.5/10

The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improve their business or production environments.

AFFECTED PRODUCTS AND SOLUTION

 

 

Affected Product

 

 

 

 

CVE

 

 

 

 

Affected Software Version

 

 

 

 

Corrected in Software Version

 

 

 

 

FactoryTalk Viewpoint

 

 

 

 

CVE-2025-7973

 

 

 

 

Version 14.00 or below

 

 

 

 

15.00

 

 

 

VULNERABILITY DETAILS

Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.

CVE-2025-7973 IMPACT

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation.

CVSS 3.1 Base Score: 7.8 
CVSS 3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0 Base Score: 8.5 
CVSS 4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE: CWE-268: Privilege Chaining
Known Exploited Vulnerability (KEV) database: No

Mitigations and Workarounds 
Users should update to the corrected version if possible. If users using the affected software are not able to upgrade the version, security best practices should be applied. 

  • Security Best Practices

 

 

Glossary:

  • MSI: Microsoft Installer (MSI) file is a package format used for installing, maintaining, and removing software on Windows systems.

  • Cscript.exe: command-line utility in Windows used to run scripts written in VBScript or JScript.

  • SYSTEM Privileges: SYSTEM privileges refer to the highest level of access on a Windows machine, allowing full control over all system resources and processes.

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation Home Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Please update your cookie preferences to continue.
This feature requires cookies to enhance your experience. Please update your preferences to allow for these cookies:
  • Social Media Cookies
  • Functional Cookies
  • Performance Cookies
  • Marketing Cookies
  • All Cookies
You can update your preferences at any time. For more information please see our {0} Privacy Policy
CloseClose