Rockwell Automation FactoryTalk Policy Manager
Action: Plan Patch
Severity score: 7.5
Source: ICS-CERT ICSA-25-317-09
Published: Nov 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
FactoryTalk Policy Manager versions 6.51.00 and earlier contain a denial of service vulnerability (CWE-404) that could lead to resource exhaustion. The vulnerability is remotely exploitable with no authentication required and low attack complexity.
What this means
What could happen
An attacker could cause the FactoryTalk Policy Manager service to become unavailable by exhausting system resources, disrupting policy enforcement and potentially affecting coordinated control of connected industrial devices and systems.
Who's at risk
This affects organizations using Rockwell Automation FactoryTalk Policy Manager in manufacturing plants, water treatment facilities, and utilities that rely on this software for policy and security management across their operational technology networks.
How it could be exploited
An attacker can send specially crafted network requests to the FactoryTalk Policy Manager (port or service endpoint) to trigger resource exhaustion. No authentication or credentials are required. The attack can be performed from any network that can reach the Policy Manager service.
Prerequisites
- Network access to the FactoryTalk Policy Manager service endpoint
- No credentials required
Tags: remotely exploitable, no authentication required, low complexity, affects policy management systems that control access to OT devices
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product                     | Affected Versions | Fix Status
FactoryTalk Policy Manager  | <= 6.51.00        | Fixed in 6.60.00
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the FactoryTalk Policy Manager service from business networks using firewall rules; policy management should be accessible only from authorized engineering workstations
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption
HOTFIX: Upgrade FactoryTalk Policy Manager to version 6.60.00 or later
Long-term hardening
HARDENING: Segment FactoryTalk Policy Manager onto a protected OT network, isolated from internet-facing and general business networks
CVEs (1)