Loading

FactoryTalk® Linx Network Browser Security Bypass Vulnerability

Severity:
Critical
Advisory ID:
SD1735
Published Date:
August 14, 2025
Last Updated:
August 14, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Não
Corrected:
Sim
Workaround:
Não
CVE IDs
CVE-2025-7972
Downloads
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
Summary

Published Date: 8/14/2025 
Last Updated: 8/14/2025 
Revision Number: 1.0 
CVSS Score: 9.0/10 

The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improve their business or production environments. 

AFFECTED PRODUCTS AND SOLUTION

Affected Product 

CVE 

Affected Software Versions 

Corrected in Software Version 

FactoryTalk Linx 

CVE-2025-7972 

All prior to 6.50 

6.50 and later

 

VULNERABILITY DETAILS

Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities. 

CVE-2025-7972 IMPACT

A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers. 

CVSS 3.1 Base Score: 9.0 
CVSS 3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

CVSS 4.0 Base Score: 8.4 
CVSS 4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

CWE: CWE-286: Incorrect User Management
Known Exploited Vulnerability (KEV) database: No 

Mitigations and Workarounds 
Users should update to the corrected version if possible. If users using the affected software are not able to upgrade the version, security best practices should be applied.  

  • Security Best Practices

 

Glossary:

  • FTSP: (FactoryTalk Services Platform) facilitates communication between FactoryTalk® components, enabling data exchange and interaction across computers in a FactoryTalk directory 

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Página inicial da Rockwell Automation Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Atualize suas preferências de cookies para continuar.
Este recurso requer cookies para melhorar sua experiência. Atualize suas preferências para permitir esses cookies:
  • Cookies de Redes Sociais
  • Cookies Funcionais
  • Cookies de Desempenho
  • Cookies de Marketing
  • Todos os Cookies
Você pode atualizar suas preferências a qualquer momento. Para mais informações, consulte nosso {0} Política de Privacidade
CloseClose