Rockwell Automation FactoryTalk Linx Vulnerable to Denial-of-Service and Information Disclosure
Description
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker can exploit a buffer-size vulnerability in FactoryTalk Linx on PanelView Plus to read memory or cause a denial-of-service.
Vulnerability
FactoryTalk Linx, running on Rockwell Automation PanelView Plus, contains a buffer-size vulnerability that can be triggered by sending crafted malicious packets [1]. When a packet with a size larger than the expected buffer is sent, the software reads beyond the allocated memory region, resulting in information disclosure. If the size is sufficiently large, the system becomes unresponsive to all Common Industrial Protocol (CIP) traffic, causing a denial-of-service. No authentication is required to exploit this flaw, and the attack is carried out over the network [1]. Affected versions are not explicitly listed in the reference but the advisory applies to all PanelView Plus units running the vulnerable version of FactoryTalk Linx.
Exploitation
An unauthenticated threat actor with network access to the affected PanelView Plus can send specially crafted malicious packets to the FactoryTalk Linx service [1]. By sending a packet with a size larger than the buffer size, the attacker can trigger two possible outcomes: if the size is moderate, the function reads out-of-bounds, leaking memory contents back to the attacker; if the size is very large, the communication stack becomes unresponsive to any CIP packet, resulting in a denial-of-service [1]. No user interaction or prior authentication is required.
Impact
Successful exploitation leads to information disclosure of sensitive data residing in device memory, which could include credentials, configuration data, or process information [1]. In the denial-of-service scenario, the attacker renders FactoryTalk Linx unresponsive over CIP, disrupting industrial control operations and potentially causing production downtime [1]. The attacker does not gain code execution but can exfiltrate memory contents or halt communications.
Mitigation
Rockwell Automation has released a security advisory (ID: 1141040) recommending users update FactoryTalk Linx to the latest version [1]. Users should apply the vendor-supplied patch or follow the remediation instructions provided in the advisory. Until patched, network segmentation and restricting access to the PanelView Plus from untrusted networks can reduce exposure [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: 6.20
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.