Rockwell Automation FactoryTalk Viewpoint

Plan PatchCVSS 7.8ICS-CERT ICSA-25-226-23Aug 13, 2025

Rockwell Automation

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

FactoryTalk ViewPoint contains an improper privilege management vulnerability (CWE-250) that allows a user with local access to escalate privileges to administrator level. FactoryTalk ViewPoint versions 14.00 and earlier are affected and can be patched to version 15.00 or later. FactoryTalk ViewPoint Privilege (all versions) is end-of-life with no fix planned. Exploitation requires local access to the system and existing user credentials; remote exploitation is not possible.

What this means

What could happen

A local attacker with user-level access to a FactoryTalk ViewPoint system could gain full administrative privileges, allowing them to modify process logic, alter setpoints, or shut down operations on connected industrial equipment.

Who's at risk

Manufacturing facilities and process plants running Rockwell Automation FactoryTalk ViewPoint HMI/SCADA software should care about this vulnerability. It affects all versions of FactoryTalk ViewPoint Privilege and FactoryTalk ViewPoint versions 14.00 and earlier, which are commonly used to monitor and control production processes, safety systems, and critical equipment.

How it could be exploited

An attacker with local access to a FactoryTalk ViewPoint workstation or server (such as a disgruntled employee or someone with physical access to the facility) could exploit an improper privilege escalation vulnerability to elevate their permissions from a regular user account to administrative level, giving them control over the HMI and connected devices.

Prerequisites

Local access to a FactoryTalk ViewPoint system
User-level credentials or ability to log in to the workstation
FactoryTalk ViewPoint running version 14.00 or earlier (version 15.00 and later are patched)

Privilege escalation to full administrator accessNo patch available for FactoryTalk ViewPoint Privilege (end-of-life product)Low complexity to exploitAffects HMI/SCADA operations

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (2)

1 with fix1 EOL

ProductAffected VersionsFix Status

FactoryTalk ViewPoint PrivilegeAll versionsNo fix (EOL)

FactoryTalk Viewpoint: <=14.00≤ 14.0015.00+

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict local access to FactoryTalk ViewPoint systems to authorized personnel only; use role-based access controls to limit user privileges to minimum required functions

HARDENINGImplement physical security controls to prevent unauthorized local access to ViewPoint workstations and servers

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate FactoryTalk ViewPoint to version 15.00 or later

Mitigations - no patch available

0/1

FactoryTalk ViewPoint Privilege has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate FactoryTalk ViewPoint networks from business networks using firewalls and network segmentation

CVEs (1)

CVE-2025-7973

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f392e596-1b8e-41f3-920d-25a6041bd032

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.