Description
A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution.
CVSS Metrics
- Vector
- CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Attack Vector
- network
- Complexity
- high
- Privileges
- low
- User Action
- active
- Confidentiality
- undefined
- Integrity
- undefined
- Availability
- undefined
- Weaknesses
- CWE-77
Metadata
- Primary Vendor
- ROCKWELLAUTOMATION
- Published
- 9/9/2025
- Last Modified
- 10/20/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
rockwellautomation : factorytalk_optix
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.