CVE-2025-9063
Published 2025-10-14
Priority: P264 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.37% (28.5th percentile)
An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs, and more.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | panelview_plus_7_performance_series_b | — | — |
| rockwellautomation | factorytalk_view | <= 15.0 | — |
Detection & IOCs (extracted from sources)
- Target product is PanelView Plus 7 Version V14.100 running the FactoryTalk View Machine Edition Web Browser ActiveX control. Look for unauthorized HTTP or local access attempts against the file system, diagnostic information, or event logs on these devices.
- The CVSS 4.0 vector rates CVE-2025-9063 as a local attack vector (AV:L) with a low privilege requirement (PR:L). Monitor for low-privileged local process activity accessing file system, diagnostic, or event log resources on PanelView Plus 7 Series B devices.
- Affected version is PanelView Plus 7 V14.100. Inventory these devices and flag any running this specific firmware version as unpatched and at risk.
- No known public exploitation has been reported as of the advisory date. Detection priority should be set accordingly but not deprioritized, given critical manufacturing sector exposure.
- The vulnerability is exploited via the Web Browser ActiveX control component. Network-isolated deployments reduce but do not eliminate risk, given the local attack vector classification.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 7.0 | HIGH | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-6444-jp6x-75rm: An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control
ghsa_unreviewed·2025-10-14
CVE-2025-9063 [HIGH] CWE-287 GHSA-6444-jp6x-75rm: An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control
CISA ICS
Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7
cisa_ics·2025-10-16·CVSS 9.8
[CRITICAL] Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7
ICS Advisory
## Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7
Release Date: October 16, 2025
Alert Code: ICSA-25-289-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk View Machine Edition and PanelView Plus 7
- Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Authorization
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to access the device's file system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The foll
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.