CVE-2025-7973

Published: Aug 14, 2025

Modified: Aug 14, 2025

PUBLISHED

Description

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation.

Vendor	Product	Versions
Rockwell Automation	FactoryTalk® ViewPoint	affected `Version 14.00 or below`

Weaknesses (CWE)

CWE-268

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1738.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-7973

Description

Affected Products

Weaknesses (CWE)

References