CVE-2025-13036

N/A

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system. The following ve...

Affects 0 products across 1 vendor.

CVSS v49.2
EPSS0.3%
Percentile21th
PatchUnknown
CWE Weakness Definitions
CWE-362: Race Condition

Software behavior depends on event timing that is not enforced, allowing attackers to exploit the timing window.

◆ SAGE Intelligence — CITED Relevance Research Team

Rockwell Automation FactoryTalk Historian Site Edition (SE) version 11 and earlier contains multiple vulnerabilities that allow attackers to obtain valid authentication tokens, cause denial of service, or crash the historian system. Successful exploitation could disrupt historical process data collection critical to OT operations, enable unauthorized access to industrial historian data, and potentially cascade to affect process visibility and compliance reporting. Given the CVSS vendor score of 7.7 and the role historian servers play in OT environments, this represents a high-priority patching target.

Is this CVE in your environment?

BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.

Check My Environment →
Frequently Asked Questions
What is CVE-2025-13036?
Rockwell Automation FactoryTalk Historian Site Edition (SE) version 11 and earlier contains multiple vulnerabilities that allow attackers to obtain valid authentication tokens, cause denial of service, or crash the historian system. Successful exploitation could disrupt historical process data collection critical to OT operations, enable unauthorized access to industrial historian data, and potentially cascade to affect process visibility and compliance reporting. Given the CVSS vendor score of
Is CVE-2025-13036 actively exploited?
No confirmed active exploitation of CVE-2025-13036 as of 2026-06-24.
How do I remediate CVE-2025-13036?
No fixed version string has been publicly disclosed at time of analysis. Monitor Rockwell Automation's security advisory portal and CISA ICS-CERT advisories for patch availability. Apply patches to FactoryTalk Historian SE immediately upon release. Advisory: https://www.rockwellautomation.com/en-us/support/advisory.html
What systems are affected by CVE-2025-13036?
CVE-2025-13036 affects: Rockwell Automation.
Vulnerability Details
CVE IDCVE-2025-13036
Published2026-06-18
Last Modified2026-06-18
ICS Relevance65%
Weakness (CWE)
SourceNVD
Official Description

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system. The following versions of Rockwell Automation FactoryTalk Historian Site Edition are affected: FactoryTalk Historian SE 11 (CVE-2025-13036) FactoryTalk Historian SE <=11.00 (CVE-2025-44019) FactoryTalk Historian SE <=11.00 (CVE-2025-36539) CVSS Vendor Equipment Vulnerabilities v3 7.7 Rockwell Automation Rockwell Autom

Source: NIST NVD / MITRE CVE Database

Affected Products
VendorProductFixed Version
Rockwell Automation &mdash;
Remediation

No fixed version string has been publicly disclosed at time of analysis. Monitor Rockwell Automation's security advisory portal and CISA ICS-CERT advisories for patch availability. Apply patches to FactoryTalk Historian SE immediately upon release.

View Vendor Advisory →
Threat Intelligence
● Threat Intelligence Validated: July 2026 | Threat Age: 24 Days
CISA KEVNot in KEV catalog
Public ExploitNot confirmed
PoC CodeNot confirmed
● Virtual Patch — CITED Relevance SAGE Engine MEDIUM CONFIDENCE

Block all inbound connections to FactoryTalk Historian SE server ports (default TCP 5450, 5468, and any PI/AF ports in use) from all sources except explicitly authorized engineering workstations and SCADA servers. Deploy rules on perimeter firewalls, OT DMZ firewalls, and host-based firewalls on the Historian server itself. Implement rate-limiting on authentication endpoints to detect token harvesting attempts.

No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.

Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.

Related CVEs affecting Rockwell Automation
CVE-2017-16740 10.0 A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley M... CVE-2012-4715 10.0 Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise C... CVE-2009-3739 10.0 Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix... CVE-2016-9343 10.0 An issue was discovered in Rockwell Automation Logix5000 Programmable Automat... CVE-2020-14516 10.0 In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.1...
View all Rockwell Automation CVEs →

ICS/OT Vulnerability Intelligence for Your Environment

BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.

Join free →