Analysis Summary

CVE-2025-9064 CVSS:7.5

Rockwell Automation FactoryTalk View Machine Edition could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted request to delete any file within the panels operating system.

CVE-2025-9063 CVSS:7.3

Rockwell Automation PanelView Plus 7 Performance Series B could allow a remote authenticated attacker to bypass security restrictions, caused by an authentication bypass security issue.

CVE-2025-9068 CVSS:7.8

Rockwell Automation FactoryTalk Linx could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality.

Impact

• Gain Access
• Security Bypass
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2025-9064

• CVE-2025-9063

• CVE-2025-9068

Affected Vendors

Affected Products

• Rockwell Automation FactoryTalk View Machine Edition
• Rockwell Automation PanelView Plus 7 Performance Series B V14.00
• Rockwell Automation FactoryTalk Linx 6.40

Remediation

Refer to Rockwell Automation Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-9064

CVE-2025-9063

CVE-2025-9068