Platform: windows
Component: factorytalk-linx-driver-package
Fixed in: 6.40.1
CVE-2025-9068 describes a privilege escalation vulnerability within the FactoryTalk Linx Driver Package. An attacker with valid Windows user credentials can exploit this flaw during the MSI repair process, hijacking the console window and executing commands with SYSTEM privileges. This vulnerability affects versions of the Driver Package up to and including 6.40, and a fix is available in version 6.40.1.
Successful exploitation of CVE-2025-9068 allows an attacker to achieve SYSTEM-level access to the affected machine. This grants them complete control over the system, including the ability to read, modify, and delete files, install malware, and compromise other connected systems. The attacker could potentially exfiltrate sensitive data, disrupt operations, or use the compromised system as a launchpad for further attacks within the network. The impact is significant due to the potential for widespread damage and data loss.
CVE-2025-9068 was publicly disclosed on 2025-10-14. The EPSS score is pending evaluation. Currently, there are no publicly available proof-of-concept exploits. This vulnerability is not yet listed on the CISA KEV catalog, but its potential for SYSTEM-level compromise warrants close monitoring.
Organizations utilizing Rockwell Automation's FactoryTalk Linx Driver Package, particularly those with legacy systems or configurations that allow authenticated users broad access to system resources, are at significant risk. Shared hosting environments or deployments with weak user access controls are especially vulnerable.
• windows / supply-chain:
  Get-ScheduledTask | Where-Object {$_.TaskName -like '*Linx*'} | Select-Object TaskName, State
• windows / supply-chain:
  Get-WmiObject -Class Win32_Process | Where-Object {$_.Name -like '*vbpinstall.exe*'}
• windows / supply-chain: Check registry keys related to FactoryTalk Linx installation for unusual entries or modifications.
• windows / supply-chain: Monitor Windows Defender for alerts related to suspicious processes or file modifications during MSI repair operations.
disclosure
Exploit Status
EPSS
0.01% (percentile 1%)
CISA SSVC
The primary mitigation for CVE-2025-9068 is to upgrade the FactoryTalk Linx Driver Package to version 6.40.1 or later. If an immediate upgrade is not feasible, consider restricting access to the MSI repair functionality and closely monitoring user activity. While a direct workaround isn't available, implementing robust user access controls and regularly auditing system logs can help detect and prevent unauthorized attempts to exploit this vulnerability. After upgrading, verify the fix by attempting a repair installation and confirming that the console window cannot be hijacked.
Update FactoryTalk Linx to the latest version provided by Rockwell Automation. See security advisory SD1754 in the Rockwell Automation Trust Center for further details and specific update instructions.
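One way to check a host against the affected range stated above (6.40 and prior, fixed in 6.40.1) and to list recorded MSI repair runs, as an added example that is not from this page's source or from Rockwell Automation. It assumes the package's DisplayName in the Uninstall registry keys contains "FactoryTalk Linx" and that DisplayVersion follows the advisory's version numbering; confirm both on a known host first.

```powershell
# Added example, not vendor code. Assumptions (verify on a known host):
#   - the package's DisplayName contains "FactoryTalk Linx"
#   - DisplayVersion follows the advisory's numbering (6.40 affected, 6.40.1 fixed)
$NamePattern  = '*FactoryTalk Linx*'
$FixedVersion = [version]'6.40.1'

function Get-LinxPatchStatus {
    param([string]$DisplayVersion)
    # Keep the leading dotted-numeric part only, e.g. "6.40.00 (x64)" -> "6.40.00".
    if ($DisplayVersion -notmatch '^\s*(\d+(\.\d+){1,3})') { return 'Unknown' }
    if ([version]$Matches[1] -lt $FixedVersion) { return 'Affected' }
    return 'Fixed'
}

# Installed products are registered under both the 64-bit and 32-bit Uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Product  = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Get-LinxPatchStatus $_.DisplayVersion
        }
    }

# Windows Installer writes Application-log event 1035 (source MsiInstaller) when a
# product is reconfigured, which includes repairs. Review who ran them and when.
Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'MsiInstaller'; Id = 1035
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like $NamePattern } |
    Select-Object TimeCreated, UserId, Message
```

A status of Unknown means DisplayVersion did not start with a dotted numeric version and the entry needs manual review.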
CVE-2025-9068 is a vulnerability allowing authenticated attackers to gain SYSTEM privileges during the MSI repair process of the FactoryTalk Linx Driver Package, potentially leading to full system control.
You are affected if you are using FactoryTalk Linx Driver Package versions 6.40 and prior. Upgrade to 6.40.1 or later to mitigate the risk.
Upgrade the FactoryTalk Linx Driver Package to version 6.40.1 or later. If immediate upgrade is not possible, restrict access to the MSI repair functionality.
Currently, there are no publicly known active exploitation campaigns, but the vulnerability's potential impact warrants vigilance.
Refer to the official Rockwell Automation security advisory for detailed information and updates regarding CVE-2025-9068.