Rockwell Automation patches multiple ICS flaws

Incident | Open | Jun 17, 2026 — Jun 19, 2026

Rockwell Automation has released patches for multiple vulnerabilities affecting its industrial control system products, urging operators to apply updates immediately. The advisories cover flaws in FactoryTalk Historian, FLEX I/O adapters and related software, as detailed in the vendor’s security notice.

The most severe flaw, tracked as CVE-2025-13036, carries a CVSS score of 9.2 and is an authentication bypass in FactoryTalk Historian that could let an attacker view or alter historical data without credentials. Successful exploitation could expose proprietary process information and facilitate further movement within the network.

A second high‑impact issue, CVE-2026-0647, scores 8.8 and affects FLEX I/O adapters, allowing an unauthenticated user to change the device’s web interface password and potentially lock out legitimate administrators. This could disrupt monitoring and control functions on the shop floor.

The Rockwell advisory also notes additional patched issues, including denial‑of‑service vectors in Logix and CompactLogix controllers, an API authorization problem in FactoryTalk Analytics PavilionX and an older DoS flaw in RSLinx, though none of these have been observed in active exploitation to date.

While no threat actors have been linked to these vulnerabilities, the severity of the flaws means that any internet‑exposed ICS asset could become a target for opportunistic actors seeking to manipulate processes or cause downtime. Operators are advised to review network segmentation and restrict remote access to the affected components.

Defenders should prioritize applying the patches from the Rockwell advisory, change default passwords on FLEX I/O adapters after the update, and verify that authentication enforcement is active on FactoryTalk Historian instances. Monitoring logs for abnormal login attempts or configuration changes can help detect any post‑exploitation activity.

Intelligence briefing updated Jun 19, 2026

CVE-2025-13036 (CVSS 9.2), CVE-2026-0647 (CVSS 8.8)
Root source: www.rockwellautomation.com