Rockwell Automation FactoryTalk Policy Manager
Priority: Plan Patch · CVSS 7.5 · ICS-CERT ICSA-25-317-09 · Published Nov 11, 2025
Rockwell Automation
Attack path
Attack vector: Network
Authentication required: None
Complexity: Low
User interaction: None needed
Summary
FactoryTalk Policy Manager versions 6.51.00 and earlier contain a resource exhaustion vulnerability (CWE-404) that could allow an unauthenticated, remote attacker to cause a denial of service by exhausting system resources. Successful exploitation makes Policy Manager unavailable, disrupting policy updates to the control systems that depend on it.
What this means
What could happen
An attacker could send malicious network requests to FactoryTalk Policy Manager, exhausting system resources and causing the service to become unavailable. This would disrupt policy management and potentially affect connected control systems that depend on policy updates.
Who's at risk
This affects organizations running FactoryTalk Policy Manager in manufacturing plants, refineries, utilities, and other industrial facilities where Rockwell Automation systems are used for process control and policy management. IT/OT network administrators responsible for policy distribution and control system configuration are most directly impacted.
How it could be exploited
An attacker with network access to the FactoryTalk Policy Manager service could send specially crafted requests that trigger resource exhaustion (CWE-404) and take the service down. The attack is carried out remotely over the network, needs no credentials, and requires no knowledge of the target's configuration.
Prerequisites
- Network access to FactoryTalk Policy Manager service port
- No credentials or authentication required
Tags: remotely exploitable · no authentication required · low complexity · affects policy management for control systems
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (2): 1 with fix, 1 End of Life

Product                        Affected versions    Fix status
FactoryTalk Policy Manager     All versions         No fix (End of Life)
FactoryTalk Policy Manager     <= 6.51.00           Fixed in 6.60.00
Remediation & Mitigation
Do now
FactoryTalk Policy Manager
Hardening: Isolate FactoryTalk Policy Manager from business networks and the internet using a firewall or DMZ.
Workaround: Restrict network access to FactoryTalk Policy Manager to only authorized engineering workstations and administrative systems.
Schedule — requires maintenance window
Patching may require a reboot of the host; plan for process interruption.
FactoryTalk Policy Manager
Hotfix: Update FactoryTalk Policy Manager to version 6.60.00 or later.
Mitigations - no patch available
For the affected-products entry listed above without a fix, FactoryTalk Policy Manager has reached End of Life and the vendor will not release a patch. Where version 6.60.00 is available for your installation, apply the update above; otherwise apply the following compensating controls:
Hardening: Implement network segmentation to prevent untrusted systems from reaching FactoryTalk Policy Manager.
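The access restriction called for in both the "Do now" workaround and the compensating controls above, expressed as Windows Firewall rules on the host running FactoryTalk Policy Manager. This is an added example, not part of the advisory and not Rockwell Automation's own guidance. The TCP port the service listens on ($PolicyManagerPort) and the addresses of the authorized engineering workstations ($AuthorizedClients) are assumptions the advisory does not supply; discover the port on your own host and substitute your own addresses before running.

```powershell
# Added example (not from the advisory or from Rockwell Automation): scope inbound
# access to the FactoryTalk Policy Manager service to an allowlist of engineering
# workstations using Windows Firewall.
#
# ASSUMPTIONS, none of which are stated in the advisory:
#   - $PolicyManagerPort: the TCP port the service listens on. Identify it first with
#     Get-NetTCPConnection -State Listen (match OwningProcess to the service process).
#   - $AuthorizedClients: constructed placeholder addresses for the engineering and
#     administrative hosts that are allowed to reach the service.
# Run in an elevated PowerShell session on the Policy Manager host.

$PolicyManagerPort = 0                                   # ASSUMPTION: set to the observed listening port
$AuthorizedClients = @('10.10.20.11', '10.10.20.12')     # ASSUMPTION: constructed placeholder addresses
$RuleGroup         = 'FactoryTalk Policy Manager access (ICSA-25-317-09)'

if ($PolicyManagerPort -le 0) {
    throw 'Set $PolicyManagerPort to the port your Policy Manager service actually listens on.'
}

# Windows Firewall evaluates Block rules before Allow rules, so an explicit
# "block everyone on this port" rule would also block the allowlisted clients.
# The correct pattern is a default inbound action of Block plus one Allow rule
# scoped to the authorized addresses.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# Report existing enabled Allow rules that already expose the port (or all ports)
# to any remote address. They defeat the allowlist and must be reviewed; disable
# with Disable-NetFirewallRule once you have confirmed nothing else needs them.
$overlyBroad = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        ($port.LocalPort -eq 'Any' -or $port.LocalPort -eq "$PolicyManagerPort") -and
        ($addr.RemoteAddress -eq 'Any')
    }
Write-Host "Inbound Allow rules exposing port $PolicyManagerPort to any source (review these):"
$overlyBroad | Select-Object DisplayName, Group, Profile | Format-Table -AutoSize

# Keep the script idempotent: remove any earlier copy of our own rule, then recreate it.
Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue | Remove-NetFirewallRule

New-NetFirewallRule -DisplayName 'FactoryTalk Policy Manager: authorized workstations only' `
    -Group $RuleGroup -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort $PolicyManagerPort -RemoteAddress $AuthorizedClients `
    -Profile Any -Enabled True | Out-Null

# Verify: the new rule's remote address filter should list exactly the allowlisted hosts.
Get-NetFirewallRule -Group $RuleGroup |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

The host firewall is a second layer behind the network segmentation the advisory asks for, not a replacement for it: a resource exhaustion attack from an allowlisted but compromised workstation still succeeds, so the allowlist should be as short as the engineering workflow permits, and the same allowlist should be enforced on the firewall or DMZ boundary in front of the host.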
CVEs (1)