Improper Request Handling in Rockwell Automation's 5094-IF8 Device
CVE-2025-9041
8.7HIGH
What is CVE-2025-9041?
A security issue has been identified in Rockwell Automation's 5094-IF8 device, stemming from the incorrect management of CIP Class 32's requests when the module is in an inhibited state. This flaw causes the device to enter a fault state, indicated by a flashing red Module LED. Upon un-inhibiting, the module fails to recover, resulting in a connection fault (Code 16#0010), and necessitates a complete power cycle for restoration.
Affected Version(s)
FLEX 5000 I/O Version 2.011 or below