Refine your search
2 vulnerabilities found for factorytalk_view by rockwellautomation
CVE-2025-9064 (GCVE-0-2025-9064)
Vulnerability from nvd
Published
2025-10-14 12:22
Modified
2025-10-14 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | FactoryTalk View Machine Edition |
Version: V15.00 and prior |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T18:46:24.670147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:46:34.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FactoryTalk View Machine Edition",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "V15.00 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T12:22:36.551Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1753.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003e-FactoryTalk View ME V15.00 and later on ASEM 6300 IPC\u2019s \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e-Patch \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.rockwellautomation.com/app/answers/answer_view/a_id/1152571\"\u003eBF31001\u003c/a\u003e\u0026nbsp; \u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e-PanelView Plus 7 Performance Series B \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112\u0026amp;mode=3\u0026amp;refSoft=1\u0026amp;versions=61168\"\u003eV14.103\u003c/a\u003e firmware package \u0026nbsp;\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "-FactoryTalk View ME V15.00 and later on ASEM 6300 IPC\u2019s \n\n\n\n-Patch BF31001 https://support.rockwellautomation.com/app/answers/answer_view/a_id/1152571 \u00a0 \u00a0\n\n\n\n\u00a0\n\n\n\n-PanelView Plus 7 Performance Series B V14.103 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx firmware package"
}
],
"source": {
"advisory": "SD1753",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation FactoryTalk View Machine Edition Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-9064",
"datePublished": "2025-10-14T12:22:36.551Z",
"dateReserved": "2025-08-15T13:56:26.986Z",
"dateUpdated": "2025-10-14T18:46:34.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9063 (GCVE-0-2025-9063)
Vulnerability from nvd
Published
2025-10-14 12:20
Modified
2025-10-14 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs, and more.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | PanelView Plus 7 Performance Series B |
Version: V14.00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T18:45:42.455090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:45:57.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PanelView Plus 7 Performance Series B",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "V14.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs, and more. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs, and more."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T12:20:39.318Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1753.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePanelView Plus 7 \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePerformance Series B\u003c/span\u003e \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112\u0026amp;mode=3\u0026amp;refSoft=1\u0026amp;versions=61168\"\u003eV14.103\u003c/a\u003e"
}
],
"value": "PanelView Plus 7 Performance Series B V14.103 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx"
}
],
"source": {
"advisory": "SD1753",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation PanelView Plus 7 Performance Series B Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-9063",
"datePublished": "2025-10-14T12:20:39.318Z",
"dateReserved": "2025-08-15T12:55:33.964Z",
"dateUpdated": "2025-10-14T18:45:57.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}