CVE-2025-13036
Awaiting Analysis Awaiting Analysis - Queue
Authentication Bypass in FactoryTalk Historian Site Edition

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Rockwell Automation

Description
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-06-16
EPSS Evaluated
N/A
NVD
CVE-2025-13036
EUVD
EUVD-2025-210168
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
rockwell_automation factorytalk_historian_site_edition *
rockwellautomation factorytalk_historian_site_edition to 12.00.00 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-13036 is an authentication bypass vulnerability in Rockwell Automation's FactoryTalk Historian Site Edition software, specifically version 11.

The issue arises from a race condition (CWE-362) where an attacker can repeatedly send requests to the login endpoint to obtain a valid authentication token without proper authentication.

This allows the attacker to bypass normal login procedures and gain unauthorized access.

Impact Analysis

This vulnerability can have a critical impact as it allows an attacker to bypass authentication controls and gain unauthorized access to the FactoryTalk Historian Site Edition system.

With a valid authentication token obtained through this bypass, an attacker could potentially access sensitive data, manipulate system operations, or disrupt normal business processes.

The vulnerability has a high severity score (CVSS 4.0 base score of 9.2), indicating a significant risk if exploited.

Detection Guidance

This vulnerability involves an attacker repeatedly sending requests to the login endpoint to obtain a valid authentication token due to a race condition.

To detect this vulnerability on your network or system, monitor for unusual or repeated login requests to the FactoryTalk Historian Site Edition login endpoint.

Commands or methods to detect this may include analyzing web server or application logs for repeated login attempts in a short time frame.

  • Use network monitoring tools (e.g., Wireshark, tcpdump) to capture and analyze traffic targeting the login endpoint.
  • Use log analysis commands such as `grep` on server logs to identify repeated POST requests to the login URL, for example: `grep -i 'POST /login' /var/log/factorytalk/access.log | awk '{print $1, $7}' | sort | uniq -c | sort -nr`.
  • Set up alerts for abnormal login request patterns or spikes in authentication attempts.
Mitigation Strategies

The primary mitigation step is to upgrade FactoryTalk Historian Site Edition to version 12.00.00 or later, where this vulnerability is corrected.

If upgrading is not immediately feasible, apply the available patch BF32850 provided by Rockwell Automation.

Additionally, monitor and restrict access to the login endpoint to reduce the risk of exploitation.

Compliance Impact

The provided information does not specify how the authentication bypass vulnerability in FactoryTalk Historian Site Edition impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13036. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart