CISA 2026-06-18

Rockwell Automation FactoryTalk Historian Site Edition

Machine-generated analysis · WAYSCloud LLM

The advisory identifies a race condition that could allow attackers to obtain a valid authentication token by repeatedly sending requests to the login endpoint.

Context

FactoryTalk Historian Site Edition is a data historian software used in industrial environments to collect and manage process data. The advisory states that CVE-2025-13036 allows authentication bypass via repeated login requests, leading to potential unauthorized access. Two additional vulnerabilities (CVE-2025-44019 and CVE-2025-36539) are noted but lack detailed descriptions in the provided text. The product is deployed worldwide and is used in critical manufacturing.

Operator considerations

Check: Determine if FactoryTalk Historian SE version 11 or earlier is in use.
Patch: Apply the available patch (BF32850) or upgrade to a corrected version as recommended by Rockwell Automation.
Log: Monitor login attempts for repeated or unusual patterns that may indicate exploitation attempts.

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system.

The following versions of Rockwell Automation FactoryTalk Historian Site Edition are affected:

FactoryTalk Historian SE 11 (CVE-2025-13036)

FactoryTalk Historian SE

Read the full advisory on CISA →