Rockwell FactoryTalk® ViewPoint Privilege Escalation Vulnerability
Monitor | 7.8 | SD1738 | Aug 13, 2025
Summary
FactoryTalk ViewPoint contains a privilege escalation vulnerability that allows a local user to gain elevated rights within the HMI application without possessing valid engineering credentials. The flaw exists in all versions of the product. An attacker exploiting this weakness could modify process parameters, change alarm settings, or alter monitoring configurations.
What this means
What could happen
An attacker with local access to a workstation running FactoryTalk ViewPoint could escalate privileges to gain elevated rights within the HMI application, allowing unauthorized modifications to process setpoints, alarms, and monitoring configuration.
Who's at risk
Manufacturing plants, water utilities, and electric utilities operating Rockwell Automation HMI systems. This vulnerability affects anyone using FactoryTalk ViewPoint for process monitoring and control, particularly operations staff and engineering teams who rely on the application to interact with PLCs and other control devices.
How it could be exploited
An attacker with local user access to a workstation running FactoryTalk ViewPoint can exploit a privilege escalation flaw to gain administrator-level access to the HMI application without requiring valid engineering credentials. The attacker then has the ability to modify process parameters or disable alarms.
Prerequisites
- Local user account on the workstation running FactoryTalk ViewPoint
- FactoryTalk ViewPoint application installed and running
- Local exploitation required (lower risk than remote)
- No patch available
- Privilege escalation in critical HMI interface
- Could bypass role-based access controls
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| FactoryTalk ViewPoint Privilege | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Implement strict physical and network access controls to limit who can log in to workstations running FactoryTalk ViewPoint
- HARDENING: Restrict local user accounts on FactoryTalk ViewPoint workstations to only authorized engineering and operations staff
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Enable audit logging on FactoryTalk ViewPoint to monitor for privilege escalation attempts and unauthorized configuration changes
- WORKAROUND: Apply host-based access controls or endpoint protection software to monitor and prevent privilege escalation attempts
CVEs (1)