Rockwell Automation FactoryTalk Analytics PavilionX Authorization Bypass (CVE-2025-14272)
Rockwell Automation released a critical security update addressing a missing authorization vulnerability in FactoryTalk Analytics PavilionX versions prior to 7.01. Because affected API endpoints do not enforce authorization, an unauthenticated attacker with network access to the PavilionX host can invoke privileged operations, including user and role management, without any valid credentials. Organizations should upgrade to version 7.01 or later as soon as possible and ensure the control system network hosting PavilionX is not reachable from the internet; until the upgrade is applied, restricting network access to the host to trusted management systems is the compensating control, since the flaw is reachable by anyone who can send requests to the API.
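To make the flaw class concrete, the following is an added illustration written for this page; it is not PavilionX or Rockwell code, and the endpoint paths, role names and session model are assumptions chosen for the example. It places a role-management handler that performs the privileged work for any caller (the missing-authorization pattern the advisory describes) next to a deny-by-default dispatcher in which every route must declare the role it requires, so an endpoint that is forgotten in the table fails closed rather than open.

```python
# Constructed demonstration of missing authorization on a user/role-management API
# (the vulnerability class in this advisory). NOT Rockwell/PavilionX code: the paths,
# role names, status codes and session model below are assumptions for the example.
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

OK, UNAUTHORIZED, FORBIDDEN, NOT_FOUND = 200, 401, 403, 404


@dataclass
class Session:
    """An authenticated caller and the roles the server assigned to it."""
    user: str
    roles: frozenset = frozenset()


@dataclass
class Request:
    path: str
    body: dict
    session: Optional[Session] = None  # None models an unauthenticated network caller


class UserStore:
    """Minimal in-memory user/role table (constructed sample data)."""

    def __init__(self) -> None:
        self.roles: Dict[str, frozenset] = {
            "operator": frozenset({"viewer"}),
            "admin": frozenset({"admin"}),
        }

    def set_roles(self, user: str, roles) -> None:
        self.roles[user] = frozenset(roles)


# --- Vulnerable pattern: the handler does the privileged work for anyone who reaches it.
def vulnerable_set_roles(store: UserStore, req: Request) -> int:
    # No authentication and no authorization check: an unauthenticated caller on the
    # network can grant any account (including a new one) the 'admin' role.
    store.set_roles(req.body["user"], req.body["roles"])
    return OK


# --- Hardened pattern: authorization enforced once, centrally, deny by default.
def _set_roles_handler(store: UserStore, req: Request) -> int:
    store.set_roles(req.body["user"], req.body["roles"])
    return OK


def _list_users_handler(store: UserStore, req: Request) -> int:
    return OK


Handler = Callable[[UserStore, Request], int]

# Every route declares the role it requires. A path absent from this table is not
# reachable at all, so a handler nobody remembered to protect cannot be exposed.
ROUTES: Dict[str, Tuple[str, Handler]] = {
    "/api/users": ("viewer", _list_users_handler),          # hypothetical path
    "/api/users/roles": ("admin", _set_roles_handler),      # hypothetical path
}


def hardened_dispatch(store: UserStore, req: Request) -> int:
    route = ROUTES.get(req.path)
    if route is None:
        return NOT_FOUND
    required_role, handler = route
    if req.session is None:                     # authentication first
        return UNAUTHORIZED
    if required_role not in req.session.roles:  # then authorization
        return FORBIDDEN
    return handler(store, req)


def demo() -> dict:
    """Replay the same unauthenticated privilege grant against both implementations."""
    attack = Request("/api/users/roles", {"user": "intruder", "roles": ["admin"]})
    vuln_store, hard_store = UserStore(), UserStore()
    results = {}
    results["vulnerable_status"] = vulnerable_set_roles(vuln_store, attack)
    results["vulnerable_granted"] = "intruder" in vuln_store.roles
    results["hardened_unauth"] = hardened_dispatch(hard_store, attack)
    operator = Session("operator", frozenset({"viewer"}))
    results["hardened_operator"] = hardened_dispatch(
        hard_store, Request(attack.path, attack.body, operator))
    results["hardened_granted_before_admin"] = "intruder" in hard_store.roles
    admin = Session("admin", frozenset({"admin"}))
    results["hardened_admin"] = hardened_dispatch(
        hard_store, Request(attack.path, attack.body, admin))
    results["hardened_granted_after_admin"] = "intruder" in hard_store.roles
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the dispatcher is structural: the check lives in one place that every request passes through, and the route table is the allowlist, so reviewing authorization coverage means reading one table rather than auditing every handler. In the vulnerable form the same grant succeeds with no session at all, which is exactly the exposure that makes network isolation the only protection for an unpatched host.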
Why it matters in Western Canada: Energy, oil and gas, and manufacturing sectors across Western Canada that deploy Rockwell Automation industrial control systems are at risk if running vulnerable versions. This vulnerability could enable unauthorized administrative access to critical operational technology systems.
CVEs: CVE-2025-14272
Summary generated from the original advisory. Read the full source: cisa-advisories
- Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-01
- CVEs: CVE-2025-14272
- Tags: rockwell-automation, authorization-bypass, industrial-control, ics, api-vulnerability
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)