CVE-2025-7973

High CVSS: 8.5

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation.

Vendor

Product

CWE

CWE-268

Yayın Tarihi

2025-08-14 14:15:35

Güncelleme

2025-08-15 13:12:51

Source Identifier

PSIRT@rockwellautomation.com

KEV Date Added

Kategoriler

CWE-268 HIGH 2025

Referanslar

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1738.html