Rockwell Automation has announced vulnerabilities in its FactoryTalk Historian and FLEX I/O devices, urging critical manufacturing operators to patch immediately. The most severe issue in the FactoryTalk Historian, identified as CVE-2025-13036, is an authentication bypass allowing attackers to gain unauthorized access to sensitive data. Other identified flaws could lead to denial-of-service conditions.
In the FLEX I/O adapters, a major vulnerability (CVE-2026-0647) enables unauthenticated users to change the device's web interface password, potentially locking out legitimate users. The advisories emphasize the urgent need for operational technology defenders to prioritize remediation and implement access restrictions.