Improper input validation in Rockwell Automation Factorytalk Viewpoint
CVE-2025-9066
A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.004 (33.3th percentile) — read the EPSS interpretation.
Affected products
- Rockwell Automation Factorytalk Viewpoint — versions V14 and prior