Authentication Bypass Vulnerability in FactoryTalk Historian Site Edition by Rockwell Automation
CVE-2025-13036

9.2CRITICAL

Key Information:

Vendor

Rockwell Automation
Status
Factorytalk Historian Se
Vendor
CVE Published:
16 June 2026

What is CVE-2025-13036?

An authentication bypass vulnerability exists in FactoryTalk Historian Site Edition due to insufficient validation of user credentials. Attackers can exploit this issue by repeatedly sending requests to the login endpoint, which may lead to the issuance of a valid authentication token, thereby granting unauthorized access to sensitive system functionalities and data.

Affected Version(s)

FactoryTalk Historian SE v11

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.