CVSS: 9.4 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-9064 – Rockwell Automation FactoryTalk View Machine Edition Path Traversal
https://notcve.org/view.php?id=CVE-2025-9064
14 Oct 2025 — A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panel's operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1753.html • CWE-287: Improper Authentication •
CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-9063 – Rockwell Automation PanelView Plus 7 Performance Series B Authentication Bypass
https://notcve.org/view.php?id=CVE-2025-9063
14 Oct 2025 — An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs, and more. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1753.html • CWE-287: Improper Authentication •
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-9161 – Rockwell Automation FactoryTalk Optix Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-9161
09 Sep 2025 — A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquitto plugins, which can be used to achieve remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1742.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-9065 – Rockwell Automation ThinManager® Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2025-9065
09 Sep 2025 — A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1743.html • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.7 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-7970 – Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability
https://notcve.org/view.php?id=CVE-2025-7970
09 Sep 2025 — A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1741.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2025-9364 – Rockwell Automation FactoryTalk® Analytics™ LogixAI® Exposed Redis DB
https://notcve.org/view.php?id=CVE-2025-9364
09 Sep 2025 — An open database issue exists in the affected product and version. The security issue stems from an overly permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1748.html • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.1 | EPSS: 0% | CPEs: 10 | EXPL: 0
CVE-2025-8007 – Rockwell Automation 1756-ENT2R, EN4TR, EN4TRXT Vulnerability
https://notcve.org/view.php?id=CVE-2025-8007
09 Sep 2025 — A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1739.html • CWE-20: Improper Input Validation •
CVSS: 7.1 | EPSS: 0% | CPEs: 10 | EXPL: 0
CVE-2025-8008 – Rockwell Automation 1756-ENT2R, EN4TR, EN4TRXT Vulnerability
https://notcve.org/view.php?id=CVE-2025-8008
09 Sep 2025 — A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1739.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-7971 – Studio 5000 Logix Designer® – Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7971
14 Aug 2025 — A security issue exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; however, it may be possible to execute malicious code without triggering a crash. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1734.html • CWE-20: Improper Input Validation •
CVSS: 8.4 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-7033 – Rockwell Automation Heap-based Buffer Overflow In Arena® Simulation
https://notcve.org/view.php?id=CVE-2025-7033
05 Aug 2025 — A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1731.html • CWE-122: Heap-based Buffer Overflow •
