CISA Warns of Three Vulnerabilities in Rockwell Automation FactoryTalk Historian Site Edition
CISA disclosed three vulnerabilities in Rockwell Automation FactoryTalk Historian Site Edition, including an authentication bypass and two denial-of-service flaws, with patches available.
CISA has published an advisory detailing three vulnerabilities in Rockwell Automation FactoryTalk Historian Site Edition, a data historian software used in critical manufacturing sectors worldwide. The flaws include an authentication bypass (CVE-2025-13036) and two uncaught exception vulnerabilities (CVE-2025-44019 and CVE-2025-36539) that could allow denial-of-service attacks.
The most severe vulnerability, CVE-2025-13036, carries a CVSS v3.1 score of 7.7 and a CVSS v4.0 score of 9.2 (critical). It allows an unauthenticated attacker to obtain a valid authentication token by repeatedly sending requests to the login endpoint. This race condition (CWE-362) could enable unauthorized access to the system.
The other two vulnerabilities, CVE-2025-44019 and CVE-2025-36539, both have CVSS v3.1 scores of 7.1. They are uncaught exception flaws (CWE-248) in AVEVA PI Data Archive products that allow an authenticated user to crash PI Data Archive subsystems, potentially causing data loss from snapshots or write cache.
Affected versions include FactoryTalk Historian SE 11 (for CVE-2025-13036) and FactoryTalk Historian SE versions up to and including 11.00 (for the other two). Rockwell Automation has released patches via Security Advisory SD1773. For CVE-2025-13036, a patch (BF32850) is available. For the DoS flaws, mitigations include monitoring service liveness, setting automatic restarts, and limiting port 5450 access.
CISA recommends users minimize network exposure for control system devices, isolate control networks from business networks, and use VPNs for remote access. The vulnerabilities affect critical manufacturing infrastructure globally, with Rockwell Automation headquartered in the United States.
These disclosures highlight ongoing risks in industrial control systems, where authentication bypass and DoS flaws can disrupt operations. Organizations using FactoryTalk Historian should apply patches promptly and follow CISA's recommended practices to reduce exploitation risk.