Vulnerability in Rockwell Automation Factorytalk Historian Se

CVE-2025-13036

An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token.

Vulnerability class: Race Condition

Affected products

Rockwell Automation Factorytalk Historian Se — versions v11

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

PSIRT@rockwellautomation.com