ICSA-25-289-03  ·  Published 2025-10-16

Rockwell Automation FactoryTalk ViewPoint

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow unauthenticated attackers to achieve XML external entity injection, resulting in a temporary denial-of-service condition.

CVEs (1)

Remediations

  • Rockwell Automation recommends that users upgrade to one of the following versions:
      • PanelView Plus 7 Standard and PanelView Plus 7 Performance Series A v12, v13, v14 patch AID BF30506 (firmware fix)
      • PanelView Plus 7 Performance Series B V14.103
  • Users of the affected software who are unable to upgrade to one of the corrected versions should use Rockwell Automation's security best practices.
  • For more information, see the Rockwell Automation advisory SD1752 for this vulnerability.

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · PanelView Plus 7 Terminal <=14

Affected Sectors

Critical Manufacturing, Energy, Food and Agriculture, Transportation Systems, and Water and Wastewater Systems
