Improper Handling in Rockwell Automation 5094-IY8 Device
CVE-2025-9042
8.7HIGH
What is CVE-2025-9042?
A security issue arises from improper handling of requests from CIP Class 32 when the module is inhibited on the Rockwell Automation 5094-IY8 device. This can lead to a fault state, indicated by the Module LED flashing red. After un-inhibiting, the module experiences a connection fault (Code 16#0010) and requires a full power cycle to recover, impacting system reliability and operational continuity.
Affected Version(s)
FLEX 5000 I/O Version 2.011 or below