CVE-2025-9063: CWE-287: Improper Authentication in Rockwell Automation PanelView Plus 7 Performance Series B
An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs, and more.
AI Analysis
Technical Summary
CVE-2025-9063 is an authentication bypass (CWE-287: Improper Authentication) in Rockwell Automation's PanelView Plus 7 Performance Series B terminals running FactoryTalk View Machine Edition V14.00. The flaw is in the FactoryTalk View ME Web Browser ActiveX control, which does not properly enforce authentication: an attacker who already holds a low-privileged local foothold on the terminal can bypass it and reach resources the device is meant to protect, including the file system, diagnostic information and event logs.

The CVSS 4.0 base score is 7.0 (High). The metrics quoted for it are attack vector local (AV:L), attack complexity low (AC:L), attack requirements none (AT:N), privileges required low (PR:L), user interaction none (UI:N), and, for the vulnerable system, high confidentiality and availability impact (VC:H, VA:H) with low integrity impact (VI:L). CVSS 4.0 has no scope metric; it replaced the 3.x scope flag with separate subsequent-system impact metrics (SC, SI, SA), which are not quoted on this page.

No exploitation in the wild had been reported as of publication (October 14, 2025). Because the vector is local, the practical question is who can obtain a low-privileged session on the terminal: someone with physical access to the HMI, or an attacker who has already moved into the OT segment it sits on. Successful exploitation discloses operational data, and the availability rating means it can also disrupt the terminal and the process it operates. With no patch available at the time of disclosure, compensating controls are the immediate response, and given the role PanelView Plus terminals play in manufacturing and process automation, exploitation could have serious operational and safety consequences.
Potential Impact
For European organizations in manufacturing, energy and other critical-infrastructure sectors, this vulnerability is a significant risk. Unauthorized access to a PanelView Plus 7 terminal exposes operational data, including diagnostic information and event logs, that can support further attacks or industrial espionage. File-system access may also let an attacker read or alter device configuration and disrupt normal operation, causing downtime or safety incidents; the vector rates integrity impact low, so disclosure and loss of availability are the primary concerns. Because these terminals are integrated into larger control systems, a compromise can cascade into the wider OT environment. High confidentiality and availability impact translates into loss of sensitive information and interruption of production, and from there into financial loss, regulatory penalties and reputational damage. Organizations whose IT and OT networks are interconnected without adequate segmentation and access control are the most exposed. The absence of a patch makes proactive mitigation urgent.
Mitigation Recommendations
1. Restrict local access to PanelView Plus 7 terminals: enforce physical security around the HMI and allow only trusted personnel and systems onto the network segment it sits on.
2. Segment industrial control systems from the general IT network so that an attacker who compromises an IT host cannot move laterally to the HMI.
3. Monitor device logs and network traffic for unusual access patterns and for unauthorized interaction with the FactoryTalk View ME Web Browser ActiveX control.
4. Apply least privilege to every user and service that interacts with these devices; only accounts that need local access should have it, since the bypass requires a low-privileged foothold (PR:L).
5. Disable or restrict the vulnerable ActiveX control where possible, or configure the terminal to minimize exposure to web-based interfaces, until a vendor patch is available.
6. Maintain an up-to-date inventory of affected devices (PanelView Plus 7 Performance Series B on FactoryTalk View ME V14.00) and track vendor communications for a patch or further guidance.
7. Run regular security assessments and penetration tests focused on the ICS environment to find and fix similar weaknesses.
8. Develop and rehearse incident response plans specific to ICS compromise so that impact is contained if exploitation occurs.
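The triage helper below is an added example written for this page, not Rockwell tooling. It serves two passages: the CVSS 4.0 vector in the technical summary (rebuilt from the metrics quoted there; the subsequent-system metrics SC, SI and SA are an assumption, since the page does not quote them, and the parser rejects a 3.x scope metric such as S:U as malformed) and the inventory step in recommendation 6. The inventory it triages is constructed; the Device fields, the priority labels and the rule that an IT-routable affected HMI outranks an isolated one are the example's own.

```python
"""Triage helper for CVE-2025-9063 (CWE-287 in the FactoryTalk View ME Web
Browser ActiveX control on PanelView Plus 7 Performance Series B).

Added example, not Rockwell tooling. The inventory is constructed; the
vector is rebuilt from the advisory's quoted metrics with SC/SI/SA assumed N.
"""
from dataclasses import dataclass

# AV/AC/AT/PR/UI/VC/VI/VA come from the advisory text; SC/SI/SA are an
# assumption (CVSS 4.0 requires them, the page does not quote them).
ADVISORY_VECTOR = "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N"

# The eleven mandatory CVSS 4.0 base metrics and their legal values. There is
# deliberately no "S" entry: Scope was a 3.x metric and does not exist in 4.0,
# so a vector carrying "S:U" is rejected rather than silently accepted.
BASE_METRICS = {
    "AV": ("N", "A", "L", "P"),
    "AC": ("L", "H"),
    "AT": ("N", "P"),
    "PR": ("N", "L", "H"),
    "UI": ("N", "P", "A"),
    "VC": ("H", "L", "N"), "VI": ("H", "L", "N"), "VA": ("H", "L", "N"),
    "SC": ("H", "L", "N"), "SI": ("H", "L", "N"), "SA": ("H", "L", "N"),
}


def parse_cvss4(vector: str) -> dict[str, str]:
    """Parse a CVSS 4.0 base vector into {metric: value}.

    Raises ValueError on a wrong version prefix, an unknown or non-4.0 metric
    (for example S), an illegal value, a duplicate, or a missing base metric.
    """
    prefix, _, rest = vector.partition("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"not a CVSS 4.0 vector: {prefix!r}")
    metrics: dict[str, str] = {}
    for part in rest.split("/"):
        name, sep, value = part.partition(":")
        if not sep or name not in BASE_METRICS:
            raise ValueError(f"unknown or non-4.0 metric in {part!r}")
        if value not in BASE_METRICS[name]:
            raise ValueError(f"illegal value for {name}: {value!r}")
        if name in metrics:
            raise ValueError(f"duplicate metric {name}")
        metrics[name] = value
    missing = [m for m in BASE_METRICS if m not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return metrics


def is_valid_cvss4(vector: str) -> bool:
    """True if parse_cvss4 accepts the vector, False otherwise."""
    try:
        parse_cvss4(vector)
        return True
    except ValueError:
        return False


@dataclass(frozen=True)
class Device:                  # field layout is this example's own assumption
    name: str
    product: str               # e.g. "PanelView Plus 7 Performance"
    series: str                # hardware series letter, "A" or "B"
    ftview_me: str             # FactoryTalk View ME version as the HMI reports it
    it_routable: bool          # True if the corporate IT network routes to it


# Only the product/series/version combination named on the advisory page.
AFFECTED = ("PanelView Plus 7 Performance", "B", "14.00")


def is_affected(dev: Device) -> bool:
    """Match product, series and version; accept 'V14.00' and '14.00' alike."""
    version = dev.ftview_me.strip().upper().lstrip("V")
    return (dev.product, dev.series, version) == AFFECTED


def priority(dev: Device, metrics: dict[str, str]) -> str:
    """Rank a device for the compensating controls; labels are this example's."""
    if not is_affected(dev):
        return "not-affected"
    if metrics["AV"] in ("N", "A"):
        return "P1"            # remotely reachable: every affected unit is urgent
    # AV:L or AV:P: the attacker needs a foothold on or at the HMI, so the
    # deciding factor is how many hosts and people can obtain one.
    return "P1" if dev.it_routable else "P2"


def triage(inventory: list[Device], vector: str = ADVISORY_VECTOR) -> dict[str, str]:
    """Map each device name to its priority under the given vector."""
    metrics = parse_cvss4(vector)
    return {d.name: priority(d, metrics) for d in inventory}


# Constructed inventory, not real assets. HMI-PACK1 is not named on the
# advisory page and is therefore not flagged; that is not a statement of safety.
INVENTORY = [
    Device("HMI-LINE1", "PanelView Plus 7 Performance", "B", "V14.00", True),
    Device("HMI-LINE2", "PanelView Plus 7 Performance", "B", "14.00", False),
    Device("HMI-LINE3", "PanelView Plus 7 Performance", "A", "V14.00", True),
    Device("HMI-PACK1", "PanelView Plus 7 Standard", "B", "V14.00", True),
]

if __name__ == "__main__":
    for name, prio in triage(INVENTORY).items():
        print(f"{name}: {prio}")
```

Feed the helper a real asset list by building Device records from whatever your inventory tool exports; the version field is normalized so the leading "V" the terminal shows does not matter. If Rockwell later widens the affected versions, change the AFFECTED tuple rather than the matching logic.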
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Rockwell
- Date Reserved: 2025-08-15T12:55:33.964Z
- CVSS Version: 4.0
- State: PUBLISHED
Added to database: 10/14/2025, 12:59:12 PM
Last enriched: 10/14/2025, 12:59:55 PM
Last updated: 10/16/2025, 2:42:44 PM