Severity
High
Analysis Summary
CVE-2025-9067 CVSS:7.8
Rockwell Automation FactoryTalk Linx could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the x86 Microsoft Installer File (MSI).
CVE-2025-7328 CVSS:10
Rockwell Automation Comms - 1783-NATR could provide weaker than expected security, caused by multiple broken authentication security issues. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVE-2025-7329 CVSS:8.4
Rockwell Automation Comms - 1783-NATR is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input.
Impact
- Security Bypass
- Privilege Escalation
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-9067
CVE-2025-7328
CVE-2025-7329
Affected Vendors
Affected Products
- Rockwell Automation FactoryTalk Linx 6.40
- Rockwell Automation Comms - 1783-NATR 1.006
Remediation
Refer to Rockwell Automation Security Advisory for patch, upgrade, or suggested workaround information.