Rockwell Automation FactoryTalk Historian Site Edition

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system.

CVEs (3)

Remediations

• Rockwell Automation recommends the following: Mitigations and Workarounds for CVE-2025-13036: Customers using the affected software, who are not able to upgrade to one of the corrected versions, should use our security best practices and consider applying the available patch (BF32850) for their current version (https://support.rockwellautomation.com/app/answers/answer_view/a_id/1157978/loc/en_US).
• For more information, see Rockwell Automation Security Advisory SD1773 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1773.html)
• Mitigations and Workarounds for CVE-2025-36539 & CVE-2025-44109: Customers using the affected software, who are not able to upgrade to one of the corrected versions, should use our security best practices and also consider the following: Monitor liveness of PI Network Manager and PI Archive Subsystem services. Set the PI Network Manager and PI Archive Subsystem services to automatically restart. Limit port 5450 access to trusted workstations and software. For a list of PI System firewall port requirements, see knowledge base article KB01162 - Firewall Port Requirements. For a starting point on PI system security best practices, see knowledge base article KB00833 - Best practices for securing your PI Server.

Affected Vendors

Affected Products (3)

Affected Sectors

Critical Manufacturing