OTPulse

Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7

Plan Patch · CVSS 7.5 · ICS-CERT ICSA-25-289-01 · Oct 16, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Two vulnerabilities (CVE-2025-9064 in FactoryTalk View ME and both CVE-2025-9063 and CVE-2025-9064 in PanelView Plus 7) allow unauthenticated attackers to access the device's file system through path traversal and missing access controls. FactoryTalk View Machine Edition versions below V15.00 are affected. PanelView Plus 7 V14.100 is affected. Successful exploitation allows an attacker to read, modify, or delete files on the affected HMI device without providing credentials.

What this means
What could happen
An unauthenticated attacker with network access to the device could read, modify, or delete files on FactoryTalk View Machine Edition or PanelView Plus 7, potentially disrupting HMI operations or altering process configurations critical to plant safety.
Who's at risk
Water and electric utilities, food and beverage manufacturers, and other process industries that rely on Rockwell Automation FactoryTalk View Machine Edition HMI software or PanelView Plus 7 operator interface panels for process monitoring and control. Any facility using these products for plant operations should assess exposure.
How it could be exploited
An attacker on the network sends unauthenticated requests to the affected HMI device. Due to improper access controls (CWE-285) and path traversal flaws (CWE-22), the attacker gains read/write access to the device's file system without providing credentials, enabling them to access sensitive files or modify application settings.
Prerequisites
  • Network reachability to the affected HMI device (TCP/IP access)
  • No authentication credentials required
  • Device running vulnerable firmware version
remotely exploitable · no authentication required · low complexity · improper access controls · path traversal flaw
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (2)
2 with fix

| Product | Affected Versions | Fix Status |
|---|---|---|
| FactoryTalk View Machine Edition | <V15.00 | V15.00 with Patch BF31001 |
| PanelView Plus 7 | V14.100 | V14.103 |

Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to HMI devices using firewall rules; ensure devices are not directly reachable from the internet or business network
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update FactoryTalk View Machine Edition to V15.00 or later with Patch BF31001 on ASEM 6300 IPC devices
  • HOTFIX: Update PanelView Plus 7 Performance Series B to firmware V14.103 or later
Long-term hardening
  • HARDENING: Isolate control system network from business network using air-gapped or segmented architecture
  • HARDENING: If remote access is required, implement VPN with current security updates and access controls