IronMonkey Threat Research

Rockwell Automation FactoryTalk Analytics PavilionX

HIGH
CVSS 7.0
Date 2026-06-16T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of this vulnerability could result in an attacker executing privileged operations.

// Vulnerabilities (1)

CVE ID: CVE-2025-14272
CVSS Score: 7.0
Severity: high
Description: A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions.

// Remediations (2)

Patch: Rockwell Automation recommends users update FactoryTalk Analytics PavilionX software to version 7.01 or later. The upgrade can be downloaded from the Rockwell Automation Download Center: https://www.rockwellautomation.com/en-us/support/product/product-downloads.html
Mitigation: See Rockwell Automation's SD1777 advisory for more information: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1777.html

// References