Rockwell FactoryTalk ViewPoint XML External Entity Flaw
🔒 Rockwell Automation reported a FactoryTalk ViewPoint XML External Entity (XXE) vulnerability (CVE-2025-9066) that can be exploited remotely with low attack complexity to induce a temporary denial-of-service via crafted SOAP requests. Affected devices include PanelView Plus 7 terminals (version 14 and prior). Rockwell released firmware fixes and patches, and CISA recommends minimizing network exposure, isolating control networks, and applying vendor updates promptly. The vulnerability is scored CVSS v4 8.7 (CVSS v3.1 7.5).
