Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-25-289-01 | Oct 14, 2025
Rockwell Automation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7 devices contain path traversal and authentication bypass vulnerabilities (CVE-2025-9063, CVE-2025-9064) that allow unauthenticated attackers with network access to read and access the device's file system. Affected versions include FactoryTalk View Machine (all versions), FactoryTalk View ME versions before V15.00, and PanelView Plus 7 Performance Series B versions before V14.103. Successful exploitation could allow attackers to access sensitive files including HMI configurations, historical data, and potentially credential material.

What this means
What could happen
An unauthenticated attacker on your network could access the file system of FactoryTalk View ME and PanelView Plus 7 devices, potentially reading or modifying critical HMI configurations, historical data, or operator credentials that could be used to control your processes.
Who's at risk
Manufacturing facilities using Rockwell Automation's FactoryTalk View Machine Edition or PanelView Plus 7 touchscreen HMIs should prioritize this issue. These devices are commonly used on production lines, batch processes, and pump/motor control applications. All versions of FactoryTalk View Machine are affected; specific versions of View ME and PanelView Plus 7 have patches available.
How it could be exploited
An attacker with network access to your FactoryTalk View ME or PanelView Plus 7 device sends a crafted request to exploit a path traversal or authentication bypass vulnerability. The device responds by providing file system access without requiring valid operator credentials, allowing the attacker to browse and extract sensitive files.
Prerequisites
  • Network access to the FactoryTalk View ME or PanelView Plus 7 device
  • No authentication required
Remotely exploitable, no authentication required, low complexity, affects HMI/SCADA systems, file system access enables configuration tampering
Exploitability
Unlikely to be exploited — EPSS score 0.5%
Affected products (3)
2 with fix, 1 EOL
Product | Affected Versions | Fix Status
FactoryTalk View Machine | All versions | No fix (EOL)
FactoryTalk View Machine Edition: <V15.00 | <V15.00 | V15.00 with Patch BF31001
PanelView Plus 7: V14.100 | V14.100 | V14.103
Remediation & Mitigation
Do now
FactoryTalk View Machine
WORKAROUND: For FactoryTalk View Machine versions that cannot be patched, do not allow direct network access from any untrusted network segment
All products
HARDENING: Restrict network access to FactoryTalk View ME and PanelView Plus 7 devices at the firewall; allow only connections from trusted engineering workstations and authorized remote access systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

FactoryTalk View Machine
HOTFIX: Update FactoryTalk View Machine Edition to V15.00 and apply Patch BF31001 immediately
All products
HOTFIX: Update PanelView Plus 7 Performance Series B to firmware V14.103 or later
Mitigations - no patch available
FactoryTalk View Machine has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate FactoryTalk View ME and PanelView Plus 7 from your business network; place them on a separate industrial network behind a firewall