{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9064","assignerOrgId":"b73dd486-f505-4403-b634-40b078b177f0","state":"PUBLISHED","assignerShortName":"Rockwell","dateReserved":"2025-08-15T13:56:26.986Z","datePublished":"2025-10-14T12:22:36.551Z","dateUpdated":"2025-10-14T18:46:34.339Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"FactoryTalk View Machine Edition","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"V15.00 and prior"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>"}],"value":"A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-287","description":"CWE-287: Improper Authentication","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"b73dd486-f505-4403-b634-40b078b177f0","shortName":"Rockwell","dateUpdated":"2025-10-14T12:22:36.551Z"},"references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1753.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><p>-FactoryTalk View ME V15.00 and later on ASEM 6300 IPC’s </p></div><div><p>-Patch <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.rockwellautomation.com/app/answers/answer_view/a_id/1152571\">BF31001</a>&nbsp; &nbsp;</p></div><div><p>&nbsp;</p></div><div><p>-PanelView Plus 7 Performance Series B <a target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112&amp;mode=3&amp;refSoft=1&amp;versions=61168\">V14.103</a> firmware package &nbsp;</p></div>"}],"value":"-FactoryTalk View ME V15.00 and later on ASEM 6300 IPC’s \n\n\n\n-Patch  BF31001 https://support.rockwellautomation.com/app/answers/answer_view/a_id/1152571    \n\n\n\n \n\n\n\n-PanelView Plus 7 Performance Series B  V14.103 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx  firmware package"}],"source":{"advisory":"SD1753","discovery":"INTERNAL"},"title":"Rockwell Automation FactoryTalk View Machine Edition Path Traversal","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-14T18:46:24.670147Z","id":"CVE-2025-9064","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-14T18:46:34.339Z"}}]}}