CVE-2025-9041
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: Rockwell Automation
Description
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by improper handling of CIP Class 32 requests when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state indicated by a flashing red Module LED. When the module is uninhibited, it returns a connection fault (Code 16#0010) and cannot recover without a power cycle.
How can this vulnerability impact me?
The vulnerability can cause the affected module to enter a fault state and become non-functional until a power cycle is performed. This can lead to downtime or disruption in operations relying on the 5094-IF8 device.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid inhibiting the module on the 5094-IF8 device so that it does not enter the fault state. If the module does enter the fault state, with the Module LED flashing red and a connection fault (Code 16#0010) returned when it is uninhibited, perform a power cycle on the module to recover functionality.