PT-2026-5809 · Rockwell Automation · Studio 5000 Logix Designer+1
Luis Martinez
·
Published
2026-02-04
·
Updated
2026-02-05
·
CVE-2019-25276
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Studio 5000 Logix Designer version 30.01.00
Description
Studio 5000 Logix Designer 30.01.00 has an unquoted service path issue within the FactoryTalk Activation Service. This allows local users to potentially run code with higher privileges. The unquoted path, located at
C:Program Files (x86)Rockwell SoftwareFactoryTalk Activation, can be exploited to inject malicious code that executes with LocalSystem permissions.Recommendations
Ensure the service path for FactoryTalk Activation Service is properly quoted to prevent malicious code execution.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Factorytalk Activation Service
Studio 5000 Logix Designer