CVE-2025-7973
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-14

Last updated on: 2025-08-15

Assigner: Rockwell Automation

Description
A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-14
Last Modified
2025-08-15
Generated
2026-05-27
AI Q&A
2025-08-14
EPSS Evaluated
2026-05-25
NVD
CVE-2025-7973
EUVD
EUVD-2025-24817
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
rockwellautomation factorytalk_viewpoint 14.0
rockwellautomation factorytalk_viewpoint *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-268 Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges, allowing them to spawn an elevated command prompt and achieve full privilege escalation.


How can this vulnerability impact me? :

The vulnerability can allow an attacker to gain full SYSTEM-level privileges on the affected system by hijacking the cscript.exe console during MSI repair operations. This privilege escalation can lead to unauthorized control over the system, potentially compromising system integrity and security.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart