Improper input validation in Rockwell Automation Factorytalk Viewpoint

CVE-2025-9066

A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (33.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References