Rockwellautomation Factorytalk Linx
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Rockwellautomation Factorytalk Linx.
By the Year
In 2026 there have been 0 vulnerabilities in Rockwellautomation Factorytalk Linx. Last year, in 2025 Factorytalk Linx had 2 security vulnerabilities published. Right now, Factorytalk Linx is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.10 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 7 | 7.55 |
It may take a day or so for new Factorytalk Linx vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Rockwellautomation Factorytalk Linx Security Vulnerabilities
Privilege Escalation via MSI Repair in FTLinx
CVE-2025-9067
- October 14, 2025
A security issue exists within the x86 Microsoft Installer File (MSI), installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges, allowing full access to all files, processes, and system resources.
Improper Privilege Management
CVE-2025-9068: Windows MSI Repair Hijack to SYSTEM for Rockwell Automation Driver
CVE-2025-9068
- October 14, 2025
A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. This allows the launching of a command prompt running with SYSTEM-level privileges, allowing full access to all files, processes, and system resources.
Improper Privilege Management
FactoryTalk Linx Buffer Overflow Disclosure in Rockwell PanelView Plus
CVE-2023-29464
9.1 - Critical
- October 13, 2023
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.
Memory Corruption
An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id
CVE-2020-5801
7.5 - High
- December 29, 2020
An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.
Improper Handling of Exceptional Conditions
An attacker-controlled memory allocation size
CVE-2020-5802
7.5 - High
- December 29, 2020
An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected.
Allocation of Resources Without Limits or Throttling
An attacker-controlled memory allocation size
CVE-2020-5806
5.5 - Medium
- December 29, 2020
An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.
Allocation of Resources Without Limits or Throttling
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior
CVE-2020-27251
9.8 - Critical
- November 26, 2020
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.
Heap-based Buffer Overflow
A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior
CVE-2020-27253
7.5 - High
- November 26, 2020
A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.
Improper Input Validation
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior
CVE-2020-27255
7.5 - High
- November 26, 2020
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).
Heap-based Buffer Overflow
FactoryTalk Linx versions 6.00
CVE-2020-12001
- June 15, 2020
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Rockwellautomation Factorytalk Linx or by Rockwellautomation? Click the Watch button to subscribe.
