Rockwell Automation FactoryTalk Linx
Plan Patch · CVSS 8.5 · ICS-CERT ICSA-25-289-02 · Oct 14, 2025
Rockwell Automation
Summary
FactoryTalk Linx contains privilege escalation vulnerabilities (CWE-268) that allow an attacker with local access to gain full access to files, processes, and system resources. FactoryTalk Linx versions 6.40 and earlier are affected and can be updated to version 6.50 or later. FactoryTalk Linx Privilege (all versions) is not being patched by Rockwell Automation. The vulnerability is related to an MSI package issue that Microsoft has addressed separately. No public exploitation has been reported.
What this means
What could happen
An attacker with local access to a system running FactoryTalk Linx could gain full access to files, processes, and system resources, potentially allowing them to modify industrial operations, access sensitive process data, or disable safety controls.
Who's at risk
This affects users of FactoryTalk Linx, Rockwell Automation's integration platform widely used in manufacturing, water/wastewater treatment, and power systems. Specifically, FactoryTalk Linx Privilege (all versions) has no planned fix, while standard FactoryTalk Linx through version 6.40 can be patched. Anyone using these products for process monitoring, data collection, or system integration should assess their deployment.
How it could be exploited
An attacker must have local access to the machine running FactoryTalk Linx. They could exploit privilege escalation vulnerabilities to escalate from a low-privilege account to system level, gaining full control over the device and any industrial processes it manages.
Prerequisites
- Local access to the system running FactoryTalk Linx
- Low-privilege user account on the system
- Local exploitation only (not remotely exploitable)
- High severity impact (full system access)
- Privilege escalation vulnerability
- FactoryTalk Linx Privilege has no fix planned
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (2)
1 with fix, 1 EOL
Product | Affected Versions | Fix Status
FactoryTalk Linx Privilege | All versions | No fix (EOL)
FactoryTalk Linx | ≤ 6.40 | 6.50 or later
Remediation & Mitigation
Do now
HARDENING: Restrict physical and local network access to systems running FactoryTalk Linx to authorized personnel only.
HARDENING: Implement strong access controls and account management practices to limit local user accounts on engineering and control systems.
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
HOTFIX: Upgrade FactoryTalk Linx to version 6.50 or later.
HOTFIX: Install the latest Microsoft patch to address the related MSI issue.
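To assess a deployment against the affected-version table above, the following added PowerShell check (not from the advisory or from Rockwell Automation) reads the Windows uninstall registry entries on a host and flags installs at or below 6.40, treating the Privilege edition as affected with no fix. It assumes the product registers an uninstall entry whose DisplayName contains "FactoryTalk Linx" and that the Privilege edition carries "Privilege" in that name; the 6.40 ceiling and 6.50 fix version come from the advisory.

```powershell
# Added example: inventory FactoryTalk Linx installs and flag versions this advisory covers.
# Assumption: uninstall entries have a DisplayName containing "FactoryTalk Linx".
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$AffectedCeiling = [version]'6.40'   # from the advisory: 6.40 and earlier affected
$FixedVersion    = [version]'6.50'   # from the advisory: 6.50 or later fixed

function Get-FactoryTalkLinxStatus {
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*FactoryTalk Linx*' }

    foreach ($e in $entries) {
        $ver = $null
        [void][version]::TryParse([string]$e.DisplayVersion, [ref]$ver)

        if ($e.DisplayName -like '*Privilege*') {
            # Advisory: no fix planned for FactoryTalk Linx Privilege, any version.
            $status = 'AFFECTED - no vendor fix (EOL); rely on access hardening'
        } elseif ($null -eq $ver) {
            $status = 'UNKNOWN - could not parse DisplayVersion; verify manually'
        } else {
            # Compare on major.minor only, so "6.40.00" is still treated as 6.40.
            $majorMinor = [version]::new($ver.Major, $ver.Minor)
            if ($majorMinor -le $AffectedCeiling) {
                $status = "AFFECTED - upgrade to $FixedVersion or later"
            } else {
                $status = 'NOT AFFECTED by this advisory'
            }
        }

        [pscustomobject]@{
            Product = $e.DisplayName
            Version = $e.DisplayVersion
            Status  = $status
        }
    }
}

Get-FactoryTalkLinxStatus | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on each engineering or control host; an empty result means no matching uninstall entry was found, not that the product is absent, so confirm against your asset inventory.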
CVEs (2)