Rockwell FactoryTalk View Machine Edition and PanelView Plus 7 Vulnerabilities
Monitor7.5SD1753Oct 14, 2025
Summary
Rockwell FactoryTalk View Machine Edition and PanelView Plus 7 devices contain vulnerabilities in their network services that could allow remote code execution. An attacker with network access to an affected device could execute arbitrary commands without authentication. This affects all versions of FactoryTalk View Machine. No patch is currently available from Rockwell Automation.
What this means
What could happen
An attacker with network access to a FactoryTalk View Machine or PanelView Plus 7 device could execute arbitrary code, potentially allowing them to modify process parameters, stop production, or alter equipment behavior.
Who's at risk
Manufacturing and process control facilities using Rockwell Automation's FactoryTalk View Machine Edition as a human-machine interface (HMI) or PanelView Plus 7 operator panels. This impacts any facility relying on these devices for real-time process monitoring and control, including discrete manufacturing, chemical processing, food and beverage production, and water/wastewater treatment plants.
How it could be exploited
An attacker with network access to the device could send a specially crafted request to the web interface or network service to trigger code execution. No authentication is required if the device is exposed on the network.
Prerequisites
- Network access to the FactoryTalk View Machine or PanelView Plus 7 device on port(s) used by the web interface or Rockwell proprietary services
- Device must be running a vulnerable version (all versions affected)
remotely exploitableno authentication requiredno patch availableaffects critical HMI systemsnetwork exposure
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
FactoryTalk View MachineAll versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2HARDENINGIsolate FactoryTalk View Machine and PanelView Plus 7 devices to a restricted network segment; do not expose to untrusted networks or the internet
HARDENINGImplement firewall rules to restrict network access to these devices to only authorized engineering workstations and control systems
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HARDENINGMonitor network traffic to and from affected devices for suspicious activity or unexpected connections
WORKAROUNDMonitor Rockwell Automation security advisories for patch releases
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/ff45964c-564b-4738-a779-0bf927c8fe38