Factorytalk Historian Se
Monthly
Authentication bypass in Rockwell Automation FactoryTalk Historian Site Edition allows remote attackers to obtain a valid authentication token by repeatedly hammering the login endpoint, exploiting a race condition (CWE-362) in the authentication flow. The flaw carries a CVSS 4.0 score of 9.2 with network attack vector and no privileges required, though successful exploitation depends on winning a timing window (AT:P). No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.
Authentication bypass in Rockwell Automation FactoryTalk Historian Site Edition allows remote attackers to obtain a valid authentication token by repeatedly hammering the login endpoint, exploiting a race condition (CWE-362) in the authentication flow. The flaw carries a CVSS 4.0 score of 9.2 with network attack vector and no privileges required, though successful exploitation depends on winning a timing window (AT:P). No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.