CVE-2025-9063: 
Rockwell Automation FactoryTalk View Machine Edition vulnerability analysis and mitigation

CVE-2025-9063 is an authentication bypass vulnerability discovered in the FactoryTalk View Machine Edition Web Browser ActiveX control. The vulnerability was disclosed on October 14, 2025, affecting PanelView Plus 7 Series B version V14.100. This security issue allows unauthorized access to the device's file system, diagnostic information, and event logs (Rockwell Advisory, CISA Advisory).

The vulnerability is classified as an Improper Authorization (CWE-285) issue. It has received a CVSS v3.1 base score of 7.3 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H, and a CVSS v4.0 score of 7.0 with the vector string AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N (NVD, Rockwell Advisory).

Successful exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, and event logs (CISA Advisory, Rockwell Advisory).

Rockwell Automation has released PanelView Plus 7 Performance Series B V14.103 firmware package as a fix for this vulnerability. For users unable to update to the latest version, it is recommended to remove the Web Browser ActiveX Control as an alternative mitigation measure (Rockwell Advisory).