HIGH✓ PATCH🇬🇧 English

CVE-2025-9064

CVSS 8.7v4.0pub. 2025-10-14upd. 2025-10-28

A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Rockwellautomation Factorytalk View

    APP
    Rockwellautomation
    ≤ 15.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Path TraversalAuth Bypass
CWE
Referencje

Powiązane podatności

CVE-2024-45824CRITICAL9.2PL ✓ten sam produkt

RCE w Rockwell Automation FactoryTalk View — łańcuch path traversal, command injection i XSS

CVE-2023-2071CRITICAL9.8ten sam produkt

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input,...

CVE-2020-12029CRITICAL9.0ten sam produkt

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A ...

CVE-2025-9063HIGH7.0ten sam produkt

An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX co...

CVE-2024-37365HIGH7.0ten sam produkt

A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save p...