Rockwell Automation has issued an urgent security advisory warning industrial operators about two critical vulnerabilities affecting FactoryTalk View Machine Edition (ME) and PanelView Plus 7 human-machine interface (HMI) systems. These high-severity flaws, designated CVE-2025-9063 and CVE-2025-9064, pose significant risks to industrial control systems and manufacturing operations worldwide.

Critical Vulnerabilities in Industrial HMIs

The newly discovered vulnerabilities affect Rockwell Automation's widely deployed HMI solutions used across manufacturing, energy, water treatment, and critical infrastructure sectors. CVE-2025-9063 is classified as a buffer overflow vulnerability with a CVSS score of 8.8, while CVE-2025-9064 involves improper input validation with a CVSS score of 7.5. Both vulnerabilities can be exploited remotely without authentication, making them particularly dangerous for industrial networks.

According to security researchers, successful exploitation could allow attackers to execute arbitrary code, crash systems, or gain unauthorized access to industrial control systems. The affected products include:

  • FactoryTalk View ME Station versions 9.0 through 12.0
  • PanelView Plus 7 terminals running FactoryTalk View ME
  • Various legacy PanelView Plus models

Technical Details of the Vulnerabilities

CVE-2025-9063: Buffer Overflow Vulnerability

This critical vulnerability stems from improper bounds checking when processing specially crafted network packets. Attackers can send malicious packets to vulnerable systems, causing buffer overflow conditions that may lead to remote code execution. The vulnerability affects the communication protocols used by FactoryTalk View ME for data exchange between HMIs and programmable logic controllers (PLCs).

Key characteristics:
- CVSS Score: 8.8 (High)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Impact: Code execution, system compromise

CVE-2025-9064: Input Validation Vulnerability

This vulnerability involves improper validation of user-supplied input in the HMI runtime environment. Attackers can exploit this flaw by sending specially crafted data that bypasses security checks, potentially leading to denial of service conditions or unauthorized access to system resources.

Key characteristics:
- CVSS Score: 7.5 (High)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Impact: System disruption, unauthorized access

Industrial Impact and Risk Assessment

The discovery of these vulnerabilities has sent shockwaves through the industrial automation community. HMIs serve as the primary interface between human operators and industrial processes, making them critical components in manufacturing, energy production, and infrastructure management.

Potential consequences of exploitation include:

  • Production line shutdowns in manufacturing facilities
  • Disruption of critical infrastructure operations
  • Unauthorized manipulation of industrial processes
  • Theft of proprietary manufacturing data
  • Safety system compromises in hazardous environments

Industrial security experts emphasize that these vulnerabilities are particularly concerning because they affect systems that typically have long lifecycles and may not receive regular security updates. Many industrial networks operate under the assumption of "air-gapped" security, but these vulnerabilities demonstrate that even isolated systems can be compromised through various attack vectors.

Mitigation Strategies and Immediate Actions

Rockwell Automation has released security patches and updated firmware to address both vulnerabilities. Organizations using affected systems should implement the following mitigation measures immediately:

Patch Deployment

Primary mitigation: Install the latest security updates provided by Rockwell Automation. The company has released updated versions of FactoryTalk View ME and firmware updates for PanelView Plus 7 terminals that address both vulnerabilities.

Patch availability:
- FactoryTalk View ME version 12.0.1 and later
- PanelView Plus 7 firmware version 7.0.2 and later
- Updated versions for affected legacy products

Network Security Measures

While patching is the recommended solution, organizations should also implement additional network security controls:

  • Segment industrial control system networks from corporate networks
  • Implement firewall rules to restrict access to HMI systems
  • Use virtual private networks (VPNs) for remote access
  • Deploy intrusion detection systems monitoring industrial protocols
  • Conduct regular network vulnerability assessments

Defense-in-Depth Strategies

Security professionals recommend a layered approach to industrial cybersecurity:

  • Network segmentation: Isolate critical control systems
  • Access controls: Implement strict authentication and authorization
  • Monitoring: Deploy security information and event management (SIEM) systems
  • Backup and recovery: Maintain current backups and disaster recovery plans
  • Security training: Educate operational technology staff on cybersecurity best practices

Industry Response and Expert Recommendations

The industrial cybersecurity community has responded swiftly to these vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has included these vulnerabilities in its Known Exploited Vulnerabilities Catalog, emphasizing the urgency of patching.

Security experts recommend:

  • Conduct immediate vulnerability assessments of all Rockwell HMI systems
  • Prioritize patching based on criticality and exposure
  • Test patches in non-production environments before deployment
  • Maintain comprehensive asset inventories of industrial control systems
  • Develop and practice incident response plans specific to operational technology

Long-term Industrial Security Considerations

These vulnerabilities highlight broader challenges in industrial cybersecurity:

Legacy System Management

Many industrial environments operate equipment with long lifecycles, often exceeding 10-15 years. This creates challenges for maintaining security in systems that may no longer receive regular updates or were designed before modern cybersecurity threats emerged.

Supply Chain Security

The interconnected nature of modern industrial systems means vulnerabilities in one component can affect entire production ecosystems. Organizations must consider security throughout their supply chains and partner networks.

Convergence of IT and OT Security

As industrial systems become more connected, the traditional separation between information technology (IT) and operational technology (OT) security is blurring. Organizations need integrated security strategies that address both IT and OT requirements.

Regulatory and Compliance Implications

Organizations in regulated industries face additional considerations:

  • Critical infrastructure operators must comply with sector-specific security requirements
  • Manufacturing facilities may need to demonstrate due diligence in addressing known vulnerabilities
  • International operations must consider varying regulatory requirements across jurisdictions

Failure to address known vulnerabilities could have legal and regulatory consequences, particularly for organizations operating critical infrastructure or handling sensitive data.

Future Outlook and Preparedness

The discovery of CVE-2025-9063 and CVE-2025-9064 serves as a reminder that industrial control systems remain attractive targets for cyber attackers. Organizations should view this incident as an opportunity to strengthen their overall industrial cybersecurity posture.

Recommended long-term actions:

  • Establish regular vulnerability management programs for industrial systems
  • Participate in information sharing and analysis centers (ISACs) for threat intelligence
  • Conduct regular security assessments and penetration testing
  • Develop cybersecurity incident response capabilities specific to operational technology
  • Invest in security monitoring tools designed for industrial environments

Conclusion: Urgent Action Required

The Rockwell HMI vulnerabilities represent a clear and present danger to industrial operations worldwide. While the immediate priority is patching affected systems, organizations should also use this opportunity to reassess their overall industrial cybersecurity strategy. The interconnected nature of modern manufacturing and critical infrastructure means that vulnerabilities in one system can have cascading effects across entire ecosystems.

Industrial operators should act immediately to assess their exposure, deploy available patches, and implement additional security controls. The window for proactive defense is closing as threat actors become aware of these vulnerabilities and develop exploitation tools. The time to secure industrial HMIs is now, before these vulnerabilities become the next major industrial cybersecurity incident.