OTPulse

Rockwell Automation FactoryTalk Viewpoint

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-25-226-23 | Aug 14, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Improper privilege management in FactoryTalk Viewpoint versions 14.00 and earlier allows a local user with low privileges to escalate to full administrative control of the system.

What this means
What could happen
An attacker with a local user account on a FactoryTalk Viewpoint system could escalate privileges to become an administrator, allowing them to modify production settings, alter HMI screens, or disable monitoring and safety functions.
Who's at risk
Water and electric utilities using Rockwell Automation FactoryTalk Viewpoint for HMI/SCADA visualization and control on engineering workstations or operator consoles should prioritize this patch. Any facility relying on FactoryTalk Viewpoint version 14.00 or earlier for critical process monitoring is at risk.
How it could be exploited
An attacker must first gain a local user account on the FactoryTalk Viewpoint workstation (through social engineering, phishing, or prior compromise). Once logged in with low privileges, they can exploit the privilege escalation flaw to gain full administrative access to the HMI/SCADA interface and underlying system.
Prerequisites
  • Local user account on the FactoryTalk Viewpoint workstation
  • Low privilege credentials (non-administrator)
  • Physical or remote access to the workstation (e.g., RDP, physical login)
Requires local account access | Low complexity exploitation | Full privilege escalation | Affects HMI/visualization tier
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
FactoryTalk Viewpoint | ≤ 14.00 | 15.00 or later
Remediation & Mitigation
Do now
HARDENING: Restrict local login access to FactoryTalk Viewpoint workstations to authorized personnel only; use strong authentication and disable unnecessary local accounts
HARDENING: Isolate FactoryTalk Viewpoint workstations from general IT networks and the internet; place them behind firewalls with ingress/egress rules limiting access to necessary systems only
WORKAROUND: Require multi-factor authentication for remote access (RDP, SSH) to engineering workstations if remote administration is necessary
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update FactoryTalk Viewpoint to version 15.00 or later