CVE-2025-9064: CWE-287: Improper Authentication in Rockwell Automation FactoryTalk View Machine Edition
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panel's operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.
AI Analysis
Technical Summary
CVE-2025-9064 is classified under CWE-287 (Improper Authentication) and affects Rockwell Automation's FactoryTalk View Machine Edition (ME) software, versions 15.00 and earlier. FactoryTalk View ME is widely used in industrial automation for HMI (Human Machine Interface) applications. The underlying flaw is a path traversal in file deletion that is reachable without authentication: an attacker on the same network segment as the affected device can delete arbitrary files within the panel's operating system. Because neither authentication nor user interaction is required, anyone with network access to the panel can attempt the attack. The attacker must know the exact filenames to be deleted, which may require reconnaissance or insider knowledge. Deleting critical system files can disrupt the availability and integrity of the industrial control system, potentially causing operational downtime or unsafe conditions. The CVSS v4.0 score of 8.7 reflects the high impact on availability and the low attack complexity, with no privileges or user interaction needed. No patches had been published at the time of disclosure, and no exploitation in the wild had been observed. The vulnerability poses a significant risk to industrial environments, especially those relying on FactoryTalk View ME for critical process visualization and control.
Potential Impact
For European organizations, the impact of CVE-2025-9064 can be severe, particularly in manufacturing, energy, utilities, and critical infrastructure sectors where FactoryTalk View ME is deployed. Successful exploitation can delete essential system files, resulting in loss of availability and operational disruption: production downtime, safety hazards, and financial losses. Because neither authentication nor user interaction is required, an attacker with network access can carry out the deletion without tripping any login or user-facing control. The disruption of industrial control systems can also have cascading effects on supply chains and critical services. The need for filename knowledge may limit exploitation to targeted attacks, but insider threats or prior reconnaissance can overcome this barrier. European organizations with interconnected OT and IT networks are particularly exposed if network segmentation and access controls are insufficient.
Mitigation Recommendations
1. Implement strict network segmentation to isolate FactoryTalk View ME devices from general IT networks and restrict access to trusted personnel only.
2. Employ robust network access controls such as VLANs, firewalls, and NAC (Network Access Control) to limit exposure of vulnerable devices.
3. Monitor network traffic for unusual file deletion requests or path traversal patterns targeting FactoryTalk View ME devices.
4. Conduct thorough asset inventories to identify all FactoryTalk View ME installations and assess exposure.
5. Restrict knowledge of critical filenames and system paths to minimize attacker reconnaissance success.
6. Apply the principle of least privilege on network and device access to reduce the attack surface.
7. Engage with Rockwell Automation for updates or patches and plan for timely deployment once available.
8. Develop incident response plans specific to industrial control system disruptions.
9. Consider deploying host-based intrusion detection or file integrity monitoring on affected panels if supported.
10. Train OT security teams on this vulnerability and signs of exploitation.
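As an added illustration (not code from this page, from Rockwell, or from FactoryTalk View ME, whose file service internals are not described here), the Python below shows the two controls the technical summary implies a file-deletion endpoint needs, an authentication gate and confinement of the requested path, together with the log check that mitigation step 3 asks for. The allowed root directory, the handler's status codes and the log line format are assumptions, and the sample log lines are constructed.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical directory a panel file service may manage (assumption, not a real product path).
ALLOWED_ROOT = "/runtime/uploads"


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo percent-encoding repeatedly (bounded) so '%252e%252e' is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def looks_like_traversal(requested: str) -> bool:
    """Detection: any '..' segment after decoding; backslashes count as separators."""
    return ".." in fully_decode(requested).replace("\\", "/").split("/")


def resolve_delete_target(requested: str, root: str = ALLOWED_ROOT) -> "str | None":
    """Confinement: join under root, collapse '.'/'..', refuse root itself or anything outside it."""
    relative = fully_decode(requested).replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, relative))
    return candidate if candidate.startswith(root + "/") else None


def handle_delete(authenticated: bool, requested: str) -> "tuple[int, str | None]":
    """Hardened handler: authenticate first (CWE-287), then confine the path (CWE-22)."""
    if not authenticated:
        return 401, None
    target = resolve_delete_target(requested)
    if target is None:
        return 403, None
    return 200, target  # a real handler would unlink target here, never the raw request


def scan_log(lines: "list[str]") -> "list[str]":
    """Flag delete-request log lines whose path carries a traversal sequence."""
    return [ln for ln in lines if "path=" in ln and looks_like_traversal(ln.split("path=", 1)[1])]


# Constructed sample log lines (the format is an assumption made for this example).
SAMPLE_LOG = [
    "2025-10-14T12:59:12Z src=10.0.0.5 op=DELETE path=recipes/batch7.mer",
    "2025-10-14T12:59:13Z src=10.0.0.9 op=DELETE path=..\\..\\Windows\\boot.cfg",
    "2025-10-14T12:59:14Z src=10.0.0.9 op=DELETE path=%252e%252e/%252e%252e/system.ini",
]
```

Running scan_log over SAMPLE_LOG flags the second and third lines, and handle_delete refuses both of those paths with 403 even for an authenticated caller.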
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Rockwell
- Date Reserved: 2025-08-15T13:56:26.986Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ee4920509368ccaa724889
Added to database: 10/14/2025, 12:59:12 PM
Last enriched: 10/14/2025, 1:00:10 PM
Last updated: 10/16/2025, 1:52:56 PM