OTPulse

Rockwell Automation FactoryTalk ViewPoint

Priority: Monitor · CVSS: 7.5 · Source: ICS-CERT ICSA-25-289-03 · Published: Oct 16, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

An XML external entity injection vulnerability in PanelView Plus 7 terminals allows unauthenticated remote attackers to cause a temporary denial-of-service condition. The vulnerability exists in versions 14 and earlier of the PanelView Plus 7 Standard and Performance Series A, and earlier versions of Performance Series B. Successful exploitation could temporarily disable the terminal display, preventing operators from monitoring plant status.

What this means
What could happen
An attacker could exploit an XML external entity injection flaw in PanelView Plus 7 terminals to temporarily stop the display or cause it to become unresponsive, disrupting plant monitoring and operator awareness during an outage.
Who's at risk
Manufacturing facilities using Rockwell Automation PanelView Plus 7 terminals for plant monitoring and control. This affects operators who rely on these HMI displays for real-time process visibility and alarm management. Water utilities and electric utilities with Rockwell-based SCADA systems should also assess if they use this equipment.
How it could be exploited
An attacker with network access to the PanelView Plus 7 terminal sends a specially crafted XML file that triggers an external entity injection. The vulnerability requires no authentication, and the injected XML can be processed by the device to cause a denial-of-service condition.
Prerequisites
  • Network access to the PanelView Plus 7 terminal on TCP/IP
  • No credentials required
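As an added illustration, not Rockwell code and not part of the advisory: the XML external entity class of bug described above can only be triggered through a DOCTYPE declaration, because external entities, parameter entities and entity expansion are all DTD features. The hypothetical gate below, written in Python against the standard library's expat binding, refuses any inbound document the moment a DOCTYPE appears, before a single entity can be declared or resolved, which is the usual root-cause fix on the software side of an HMI or any other network-facing XML consumer. The sample documents are constructed for the example.

```python
"""Pre-parse gate for XML received from an untrusted network peer.

Hypothetical hardening example (not from the advisory or the vendor):
refusing DTD content removes the XXE and entity-expansion bug class
outright, independent of what the rest of the parser does.
"""
from __future__ import annotations

import xml.parsers.expat as expat
from xml.etree import ElementTree as ET


class UnsafeXMLError(ValueError):
    """Raised when an inbound document tries to use DTD features."""


def _abort_on_doctype(name, sysid, pubid, has_internal_subset):
    # expat calls this as soon as it sees <!DOCTYPE ...>, before any entity in
    # the internal subset is declared and before any external subset could be
    # fetched. Raising here stops the parser at that point.
    detail = "external subset" if (sysid or pubid) else "internal subset"
    raise UnsafeXMLError(f"DOCTYPE {name!r} with {detail} rejected")


def gate_xml(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) without resolving or expanding anything.

    Only the DOCTYPE handler is installed; expat never fetches external
    resources on its own, so a rejected document costs one pass over bytes.
    """
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _abort_on_doctype
    try:
        parser.Parse(data, True)
    except UnsafeXMLError as exc:
        return False, str(exc)
    except expat.ExpatError as exc:
        # Malformed input is also refused: a well-formedness failure is
        # reported instead of being handed to the application parser.
        return False, f"malformed XML: {exc}"
    return True, "ok"


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse a document only after it has passed the DOCTYPE gate."""
    accepted, reason = gate_xml(data)
    if not accepted:
        raise UnsafeXMLError(reason)
    return ET.fromstring(data)


# Constructed sample documents (hypothetical HMI screen definitions).
BENIGN = b'<?xml version="1.0"?><screen name="Line 3 overview"><tag>Pump_01</tag></screen>'
INTERNAL_DTD = b'<!DOCTYPE screen [<!ENTITY greet "hi">]><screen>&greet;</screen>'
EXTERNAL_DTD = b'<!DOCTYPE screen SYSTEM "http://example.invalid/screen.dtd"><screen/>'


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("internal DTD", INTERNAL_DTD),
                       ("external DTD", EXTERNAL_DTD)):
        accepted, reason = gate_xml(doc)
        print(f"{label:13s} accepted={accepted} reason={reason}")
    print("parsed root element:", parse_untrusted(BENIGN).tag)
```

The gate refuses internal and external subsets alike rather than trying to distinguish safe entity declarations from dangerous ones; a device that never needs DTDs in its inputs loses nothing by rejecting them, and the rejection happens before any expansion work is done, which is what keeps the check itself from becoming a denial-of-service vector.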
Tags: remotely exploitable · no authentication required · low complexity · affects monitoring/visibility systems
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
PanelView Plus 7 Terminal | ≤ 14 | No fix yet
Remediation & Mitigation
Do now
HARDENING: Isolate PanelView Plus 7 terminals from direct internet access and place them behind firewalls on a segmented OT network
HARDENING: Restrict network access to PanelView Plus 7 terminals to only authorized engineering workstations and control room systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade PanelView Plus 7 Standard or Performance Series A devices to v12, v13, or v14 with patch AID BF30506
HOTFIX: Upgrade PanelView Plus 7 Performance Series B devices to v14.103 or later
API: /api/v1/advisories/c27bb4be-52c8-48e5-92d3-57bbfdadbf07