Improper Request Handling in Rockwell Automation's 5094-IF8 Device
CVE-2025-9041

8.7 HIGH

Key Information:

Vendor
CVE Published:
14 August 2025

What is CVE-2025-9041?

A security issue has been identified in Rockwell Automation's 5094-IF8 device: the module improperly handles CIP Class 32 requests while it is in an inhibited state. The flaw causes the device to enter a fault state, indicated by a flashing red Module LED. When the module is un-inhibited it does not recover; it reports a connection fault (Code 16#0010) and requires a complete power cycle to restore operation.

Affected Version(s)

FLEX 5000 I/O Version 2.011 or below

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
