ICSA-25-028-04  ·  Published 2025-01-28

Rockwell Automation FactoryTalk View Site Edition

CVSS 7.3 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to system configuration files and execute DLLs with elevated privileges.

Remediations

  • Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible:
  • For CVE-2025-24481:
      • Upgrade to V15.0 or apply patch. Answer ID 1152306
      • Protect physical access to the workstation
      • Restrict access to Port 8091 at the network or workstation
  • For CVE-2025-24482:
      • Upgrade to V15.0 or apply patch. Answer ID 1152304.
      • Check the environment variables (PATH), and make sure FactoryTalk® View SE installation path (C:\Program Files (x86)\Common Files\Rockwell) is before all others
  • For information on how to mitigate Security Risks on industrial automation control systems, Rockwell Automation asks users to implement their suggested security best practices to minimize the risk of the vulnerabilities.
  • Users can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
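The PATH-ordering check in the CVE-2025-24482 mitigation can be scripted. The PowerShell below is an added example, not code from Rockwell Automation or CISA: it uses the directory quoted in the advisory, the function names are hypothetical, and the sample PATH string is constructed.

```powershell
# Added example. The directory is the one quoted in the advisory; function names are hypothetical.
$RockwellDir = 'C:\Program Files (x86)\Common Files\Rockwell'

function ConvertTo-NormalizedDir {
    param([string]$Entry)
    # Strip whitespace and quotes, expand %VAR% references, drop trailing backslashes,
    # and lowercase so the comparison matches Windows' case-insensitive paths.
    $expanded = [Environment]::ExpandEnvironmentVariables($Entry.Trim().Trim('"'))
    $expanded.TrimEnd('\').ToLowerInvariant()
}

function Test-RockwellPathFirst {
    param(
        [string]$PathValue,
        [string]$ExpectedDir = $RockwellDir
    )
    $want = ConvertTo-NormalizedDir $ExpectedDir
    # Empty entries (";;") are skipped; the cast yields plain strings for IndexOf.
    [string[]]$entries = @($PathValue -split ';' |
        Where-Object { $_.Trim() } |
        ForEach-Object { ConvertTo-NormalizedDir $_ })
    $index = [Array]::IndexOf($entries, $want)
    [pscustomobject]@{
        Present = $index -ge 0
        IsFirst = $index -eq 0
        # Directories listed before the Rockwell path (all of them if it is absent).
        Ahead   = @(if ($index -gt 0) { $entries[0..($index - 1)] } elseif ($index -lt 0) { $entries })
    }
}

# Constructed sample PATH: the Rockwell directory is listed third, quoted, with a trailing backslash.
$sample = 'C:\Windows\system32;C:\Tools\bin\;"C:\Program Files (x86)\Common Files\Rockwell\";C:\Windows'
Test-RockwellPathFirst -PathValue $sample | Format-List

# Live check of the system-wide PATH and of the PATH this session inherited.
foreach ($scope in 'Machine', 'Process') {
    $result = Test-RockwellPathFirst -PathValue ([Environment]::GetEnvironmentVariable('Path', $scope))
    '{0} PATH: present={1} first={2}' -f $scope, $result.Present, $result.IsFirst
    $result.Ahead | ForEach-Object { "  listed earlier: $_" }
}
```

Run it on each FactoryTalk View SE workstation; any directory reported as listed earlier should be moved after the Rockwell entry in the system PATH.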

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · FactoryTalk View Site Edition <15.0

Affected Sectors

Critical Manufacturing
