Rockwell FactoryTalk® Linx Privilege Escalation Vulnerabilities

Plan Patch8.5SD1754Oct 14, 2025

Summary

FactoryTalk Linx contains a privilege escalation vulnerability that allows an attacker with network access to gain administrator-level permissions without valid credentials. This vulnerability affects all versions of FactoryTalk Linx Privilege. The vulnerability enables unauthorized modification of control logic, alarm settings, and user access controls within the system. Rockwell Automation has indicated that no fix is planned for this product.

What this means

What could happen

An attacker with network access to FactoryTalk Linx can escalate privileges to administrator level, allowing them to modify control logic, change alarm settings, or disconnect legitimate users from the system.

Who's at risk

Manufacturing facilities, food and beverage plants, pharmaceutical production sites, and any operation using Rockwell Automation FactoryTalk Linx for control logic and recipe management should assess this vulnerability. This affects engineers and operators who rely on user access controls to prevent unauthorized changes to production systems.

How it could be exploited

An attacker on the network connects to the FactoryTalk Linx service and exploits the privilege escalation flaw to gain administrator-level access without needing valid credentials or a special configuration.

Prerequisites

Network access to the FactoryTalk Linx service port
FactoryTalk Linx installed and running on a reachable system

remotely exploitablehigh CVSS score (8.5)no patch availableaffects control system engineering access

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

FactoryTalk Linx PrivilegeAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGImplement network segmentation to restrict access to FactoryTalk Linx systems from untrusted networks

WORKAROUNDDeploy firewall rules to allow only authorized engineering workstations and HMI clients to connect to FactoryTalk Linx ports

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor and audit administrator-level access to FactoryTalk Linx systems for suspicious activity

Mitigations - no patch available

0/1

FactoryTalk Linx Privilege has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate FactoryTalk Linx systems on a dedicated VLAN with restricted cross-network traffic

CVEs (2)

CVE-2025-9067 CVE-2025-9068

View full Rockwell Automation advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/796a8e67-9335-4989-9921-e6e8511ff4d1