HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical Authentication Bypass and DoS Flaws in Rockwell Automation FactoryTalk Historian SE (CVE‑2025‑13036, CVE‑2025‑44019, CVE‑2025‑36539)

Rockwell Automation disclosed three CVEs affecting FactoryTalk Historian Site Edition that enable authentication token theft, denial‑of‑service, or system crash. For organizations subject to SOC 2, the flaws highlight gaps in access‑control and availability controls that must be documented and continuously monitored.

LiveThreat™ Intelligence · 📅 June 18, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
cisa.gov

Critical Authentication Bypass and DoS Flaws in Rockwell Automation FactoryTalk Historian SE (CVE‑2025‑13036, CVE‑2025‑44019, CVE‑2025‑36539)

What It Is — Three high‑severity vulnerabilities in Rockwell Automation’s FactoryTalk Historian Site Edition allow an attacker to repeatedly query the login endpoint to obtain a valid authentication token, trigger denial‑of‑service conditions, or crash the application.

Exploitability — Publicly disclosed; proof‑of‑concept requests have been demonstrated. CVSS v3 base score 7.7 (High). No known active exploit‑as‑a‑service, but the attack surface is reachable from network‑connected environments.

Affected Products — Rockwell Automation FactoryTalk Historian Site Edition version 11 and any version ≤ 11.00 (CVE‑2025‑13036, CVE‑2025‑44019, CVE‑2025‑36539).

Why It Matters for Compliance & Audit Readiness

  • SOC 2’s Security principle requires documented controls over authentication and system availability; these flaws expose gaps that auditors will probe.
  • Continuous control monitoring can surface unpatched vulnerabilities before they become audit findings, providing evidence of due‑diligence.
  • Demonstrating a formal remediation workflow (patch management, configuration hardening) satisfies the Change Management and Risk Management criteria of the Trust Services Criteria.

Recommended Actions

  • Apply Rockwell’s latest patches for the three CVEs immediately.
  • Verify that multi‑factor authentication is enforced for all remote access to Historian SE.
  • Update your control mapping to include “Authentication Token Validation” and “ICS Service Availability” controls, and capture patch‑install evidence in your compliance repository.
  • Conduct a targeted penetration test on the Historian SE environment to confirm remediation.

Source: CISA Advisory – ICSA‑26‑169‑03

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-03

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →