Rockwell FactoryTalk® ViewPoint XXE to Denial-of-Service Vulnerability
Monitor7.5SD1752Oct 14, 2025
Summary
Rockwell Automation FactoryTalk ViewPoint contains an XML external entity (XXE) vulnerability in all versions. The application does not properly validate or disable external entity processing when parsing XML input, allowing an attacker with network access to send a specially crafted XML file that triggers resource exhaustion or application crash, resulting in denial of service to the monitoring and visualization platform.
What this means
What could happen
An attacker with network access to FactoryTalk ViewPoint can trigger an XML external entity (XXE) attack, causing the application to crash and become unavailable. This disrupts access to plant monitoring and visualization dashboards that operators rely on to observe and control production processes.
Who's at risk
Manufacturing facilities using FactoryTalk ViewPoint for SCADA visualization and plant monitoring. This impacts any organization relying on Rockwell Automation's ViewPoint software for real-time process dashboards, alarm management, and operator interface functions. Affected equipment includes any deployment of FactoryTalk ViewPoint across all versions.
How it could be exploited
An attacker sends a malicious XML file with external entity declarations to FactoryTalk ViewPoint over the network. The application parses the XML without proper validation, allowing the attacker to trigger resource exhaustion or crash the service, denying operators access to real-time process data.
Prerequisites
- Network access to FactoryTalk ViewPoint (typically port 80/443 or application service port)
- Ability to upload or send XML files to the application
remotely exploitableno patch availablecauses denial of service to critical visibility systems
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
FactoryTalk ViewPoint XXEAll versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2WORKAROUNDDeploy a web application firewall (WAF) or IDS rule to detect and block XXE payloads in XML traffic destined for FactoryTalk ViewPoint
WORKAROUNDDisable XML external entity processing in FactoryTalk ViewPoint if there is a configuration option to do so
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGMonitor FactoryTalk ViewPoint logs for XML parsing errors or unexpected application restarts that may indicate exploitation attempts
Mitigations - no patch available
0/1FactoryTalk ViewPoint XXE has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network segmentation to restrict access to FactoryTalk ViewPoint from only trusted engineering and operator workstations
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/10d9ba04-5ec8-48a9-80aa-e78c4a9d3ae3