Rockwell Automation FactoryTalk ViewPoint Denial of Service Vulnerability

Rockwell Automation FactoryTalk ViewPoint is a web-based client application from Rockwell Automation. A denial of service vulnerability exists in Rockwell Automation FactoryTalk ViewPoint, which can be exploited by an attacker to cause a denial of service...

Rockwell Automation FactoryTalk ViewPoint

RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated attackers to achieve XML external entity injection, resulting in a temporary denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

CVE-2025-9066

A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service...

CVE-2025-9066

A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service...

EUVD-2025-34186

A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service...

CVE-2025-9066 Rockwell Automation FactoryTalk® ViewPoint XXE to Denial-of-Service Vulnerability

A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service...

CVE-2025-9066 Rockwell Automation FactoryTalk® ViewPoint XXE to Denial-of-Service Vulnerability

A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service...

CVE-2025-9066

Summary: CVE-2025-9066 affects Rockwell Automation’s FactoryTalk ViewPoint. Unauthenticated attackers can abuse SOAP requests to trigger XML External Entity (XXE) processing, resulting in a temporary denial-of-service. The vulnerability is documented across multiple sources (NVD, Rockwell advisor...

PT-2025-41915

Name of the Vulnerable Software and Affected Versions FactoryTalk ViewPoint affected versions not specified Description A security issue exists in FactoryTalk ViewPoint that allows unauthenticated attackers to achieve XML External Entity XXE attacks. Specific SOAP requests can be exploited to...

Rockwell Automation FactoryTalk ViewPoint 安全漏洞

Rockwell Automation FactoryTalk ViewPoint is a web-based client application from Rockwell Automation, Inc. A security vulnerability exists in Rockwell Automation FactoryTalk ViewPoint that originates from an unauthenticated attacker who can execute an XXE attack using a specially crafted SOAP...

EUVD-2025-24817

Malicious code in bioql PyPI...

CVE-2025-7973

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling fu...

CVE-2025-7973

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling fu...

CVE-2025-7973

CVE-2025-7973 affects FactoryTalk ViewPoint 14.0 and earlier. The root cause is improper handling of MSI repair operations, allowing an attacker with local access to hijack the cscript.exe console window (which runs with SYSTEM privileges) and spawn an elevated command prompt, enabling full privi...

CVE-2025-7973 Rockwell Automation FactoryTalk® ViewPoint Privilege Escalation Vulnerability

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling fu...

CVE-2025-7973 Rockwell Automation FactoryTalk® ViewPoint Privilege Escalation Vulnerability

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling fu...

Rockwell Automation FactoryTalk Viewpoint

RISK EVALUATION Successful exploitation of this vulnerability could result in full privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

Rockwell Automation FactoryTalk Viewpoint 安全漏洞

Rockwell Automation FactoryTalk Viewpoint is a browser plug-in from Rockwell Automation, Inc. A security vulnerability exists in Rockwell Automation FactoryTalk Viewpoint version 14.0 and prior versions, which stems from a mishandled MSI fix operation that could result in elevated privileges...

PT-2025-33284 · Rockwell Automation · Factorytalk® Viewpoint

Name of the Vulnerable Software and Affected Versions: FactoryTalk ViewPoint versions 14.0 and earlier Description: A security issue exists in FactoryTalk ViewPoint due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs...