Rockwell FactoryTalk® Linx Network Browser Security Bypass Vulnerability

Plan Patch9SD1735Aug 14, 2025

Summary

FactoryTalk Linx Network Browser contains an authentication bypass vulnerability that allows an attacker to gain unauthorized access to Rockwell automation networks without valid credentials. The vulnerability affects all versions of FactoryTalk Linx Network and permits an unauthenticated attacker to bypass security controls and interact with connected industrial devices and the network topology. No firmware update from Rockwell is available to resolve this issue.

What this means

What could happen

An attacker who can reach the FactoryTalk Linx Network Browser can bypass authentication and gain unauthorized access to Rockwell automation networks and devices, potentially allowing them to view, modify, or disrupt industrial processes.

Who's at risk

Manufacturing facilities, water/wastewater utilities, and electric cooperatives using Rockwell Automation control systems with FactoryTalk Linx Network deployment. Particularly critical for sites where PLCs, drives, and HMIs manage essential processes like water treatment, power distribution, or production lines.

How it could be exploited

An attacker on the network sends specially crafted requests to the FactoryTalk Linx Network Browser interface, bypassing the authentication mechanism to gain access to the network topology and connected PLC/control devices. Once authenticated, the attacker can interact with industrial devices without valid credentials.

Prerequisites

Network access to FactoryTalk Linx Network Browser interface (typically port 1911 or 4840)
FactoryTalk Linx Network application running
No valid credentials required for exploitation

Remotely exploitableNo authentication requiredAuthentication bypassNo patch availableCritical severity (CVSS 9)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

FactoryTalk Linx NetworkAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGImplement network segmentation to restrict access to FactoryTalk Linx Network Browser—allow only authorized engineering workstations and HMI systems to reach it

WORKAROUNDDeploy firewall rules to limit inbound connections to the FactoryTalk Linx Network Browser port (1911/4840) to trusted IP addresses only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

WORKAROUNDDisable the FactoryTalk Linx Network Browser if not actively in use for daily operations

Mitigations - no patch available

0/1

FactoryTalk Linx Network has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGMonitor network traffic to the FactoryTalk Linx Network Browser interface for suspicious or unauthorized access attempts

CVEs (1)

CVE-2025-7972

View full Rockwell Automation advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/682f928b-871f-4ba8-9cc0-6e4358d25fc5