HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2025-7972

CVSS 8.4v4.0pub. 2025-08-14upd. 2025-10-29

A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers.

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Rockwellautomation Factorytalk Linx

    APP
    Rockwellautomation
    < 6.50
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2020-27251CRITICAL9.8ten sam produkt

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could ...

CVE-2020-12001CRITICAL9.8ten sam produkt

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workben...

CVE-2025-9067HIGH8.5ten sam produkt

A security issue exists within the x86 Microsoft Installer File (MSI), installed with FTLinx. Authenticated at...

CVE-2025-9068HIGH8.5ten sam produkt

A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repai...

CVE-2023-29464HIGH8.2ten sam produkt

FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read d...