Rockwell Automation FactoryTalk Historian Site Edition

MonitorCVSS 7.7ICS-CERT ICSA-26-169-03Jun 16, 2026

Rockwell Automation

Summary

Rockwell FactoryTalk Historian Site Edition contains multiple vulnerabilities that could allow an attacker with network access to the historian database server to compromise system integrity and availability. The vulnerabilities affect all versions of the product.

What this means

What could happen

An attacker with network access could execute commands on the historian server or modify historical process data, potentially disrupting data logging for critical operations and enabling tampering with audit records that document plant activity.

Who's at risk

Water utilities, electric utilities, and manufacturers using Rockwell FactoryTalk Historian Site Edition for process data logging and compliance record-keeping. Any facility relying on historian data for operational decisions, trend analysis, or regulatory audits is affected.

How it could be exploited

An attacker on the network can send specially crafted requests to the FactoryTalk Historian Site Edition service ports to exploit unspecified vulnerabilities. If the attacker gains access to the database server, they could run commands or alter historical data stored by the system.

Prerequisites

Network access to FactoryTalk Historian Site Edition service ports
The historian server is reachable from an untrusted network segment or the attacker has credentials to access the server

remotely exploitableno patch availableaffects OT data integrity and audit trail

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (3)

2 pending1 EOL

ProductAffected VersionsFix Status

FactoryTalk Historian Site EditionAll versionsNo fix (EOL)

FactoryTalk Historian SE: 1111No fix yet

FactoryTalk Historian SE≤ 11.00No fix yet

Remediation & Mitigation

0/5

Do now

0/3

FactoryTalk Historian Site Edition

WORKAROUNDRestrict network access to FactoryTalk Historian Site Edition ports using firewall rules; limit access to only authorized engineering workstations and SCADA servers

All products

HARDENINGDisable remote access to the historian server if not operationally required; require VPN or bastion host access for remote connections

HARDENINGEnable and review all audit logging on the historian server to detect unauthorized data modifications or command execution

Mitigations - no patch available

0/2

FactoryTalk Historian Site Edition has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGImplement network segmentation to isolate the historian database server from untrusted networks and the internet

HARDENINGMonitor Rockwell Automation security advisories for future guidance or workarounds as the vendor investigates a fix

CVEs (3)

CVE-2025-13036 CVE-2025-36539 CVE-2025-44019

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1b91e64e-b799-41ed-a017-2ccda80d162e

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.