838 matches found
Rockwell Automation FactoryTalk ViewPoint
RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated attackers to achieve XML external entity injection, resulting in a temporary denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
CVE-2025-9066
A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service...
CVE-2025-9063
An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs,...
CVE-2025-9066
A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service...
CVE-2025-9063
An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs,...
CVE-2025-9064
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted...
CVE-2025-9064
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted...
CVE-2025-9063
An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs,...
CVE-2025-9067 Rockwell Automation FactoryTalk® Linx Privilege Escalation Vulnerabilities
A security issue exists within the x86 Microsoft Installer File MSI, installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges...
CVE-2025-9067
CVE-2025-9067 describes a privilege-escalation vulnerability in the x86 Microsoft Installer File (MSI) used with Rockwell Automation FactoryTalk Linx/FTLinx. Authenticated Windows users can initiate a repair via the MSI, hijack the repair console (e.g., vbpinstall.exe in the Rockwell MSI path), a...
CVE-2025-9067 Rockwell Automation FactoryTalk® Linx Privilege Escalation Vulnerabilities
A security issue exists within the x86 Microsoft Installer File MSI, installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges...
CVE-2025-9068
CVE-2025-9068 affects Rockwell Automation Driver Package x64 MSI repair functionality (installed with FTLinx). Authenticated Windows users can initiate a repair and hijack the console window for vbpinstall.exe, spawning a SYSTEM-level command prompt with full access to files, processes, and syste...
CVE-2025-9068 Rockwell Automation FactoryTalk® Linx Privilege Escalation Vulnerabilities
A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File MSI repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. This...
CVE-2025-9064 Rockwell Automation FactoryTalk View Machine Edition Path Traversal
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted...
CVE-2025-9064 Rockwell Automation FactoryTalk View Machine Edition Path Traversal
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted...
CVE-2025-9064
CVE-2025-9064 concerns a path traversal vulnerability in Rockwell Automation’s FactoryTalk View Machine Edition (FTVME) that allows unauthenticated attackers on the same network to delete arbitrary files on the panel OS, contingent on knowing target filenames. Related advisories describe addition...
EUVD-2025-34184
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted...
CVE-2025-9063 Rockwell Automation PanelView Plus 7 Performance Series B Authentication Bypass
An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs,...
CVE-2025-9063 Rockwell Automation PanelView Plus 7 Performance Series B Authentication Bypass
An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs,...
EUVD-2025-34185
An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs,...