CVE-2025-7973

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation.

CVSS

No CVSS.

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1738.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Existe un problema de seguridad en FactoryTalk ViewPoint versión 14.0 o anterior debido a la gestión incorrecta de las operaciones de reparación de MSI. Durante una reparación, los atacantes pueden secuestrar la ventana de consola cscript.exe, que se ejecuta con privilegios de SYSTEM. Esto puede aprovecharse para generar un símbolo del sistema con privilegios elevados, lo que permite una escalada completa de privilegios.

14 Aug 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-14 14:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-7973

Mitre link : CVE-2025-7973

CVE.ORG link : CVE-2025-7973

JSON object : View

Products Affected

No product.

CWE

CWE-268

Privilege Chaining

{"id": "CVE-2025-7973", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-14T14:15:35.847", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1738.html", "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-268"}]}], "descriptions": [{"lang": "en", "value": "A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation."}, {"lang": "es", "value": "Existe un problema de seguridad en FactoryTalk ViewPoint versi\u00f3n 14.0 o anterior debido a la gesti\u00f3n incorrecta de las operaciones de reparaci\u00f3n de MSI. Durante una reparaci\u00f3n, los atacantes pueden secuestrar la ventana de consola cscript.exe, que se ejecuta con privilegios de SYSTEM. Esto puede aprovecharse para generar un s\u00edmbolo del sistema con privilegios elevados, lo que permite una escalada completa de privilegios."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "PSIRT@rockwellautomation.com"}