CVE-2025-9364 is a high-severity vulnerability affecting Rockwell Automation's FactoryTalk® Analytics™ LogixAI® versions 3.00 and 3.01. The root cause is an over-permissive Redis instance used within the product, which exposes sensitive system information to unauthorized actors within the intranet. Redis, an in-memory data structure store, when improperly configured, can allow unauthorized access to stored data and commands. In this case, the vulnerability arises from insufficient access controls on the Redis database, enabling an attacker with network access to the internal environment to read sensitive data and potentially alter it. This exposure violates the principle of least privilege and can lead to unauthorized data disclosure and integrity compromise. The vulnerability is classified under CWE-497, which pertains to exposure of sensitive system information to an unauthorized control sphere. The CVSS v4.0 score of 8.7 (high) reflects the vulnerability's ease of exploitation (no authentication or user interaction required), the significant impact on confidentiality, integrity, and availability, and the fact that it can be exploited remotely within the intranet. Although no known exploits are currently in the wild, the vulnerability poses a serious risk to industrial control systems relying on FactoryTalk Analytics LogixAI for operational insights and automation. Attackers exploiting this flaw could gain insights into system operations, manipulate analytics data, or disrupt industrial processes, potentially leading to operational downtime or safety hazards.

For European organizations, particularly those in manufacturing, energy, and critical infrastructure sectors that utilize Rockwell Automation's FactoryTalk Analytics LogixAI, this vulnerability presents a significant risk. Unauthorized access to sensitive operational data could lead to industrial espionage, loss of intellectual property, or sabotage of automated processes. Alteration of analytics data could cause incorrect decision-making or trigger unsafe operational states. Given the reliance on automation and analytics in European Industry 4.0 initiatives, exploitation could disrupt supply chains and critical services. The intranet-based attack vector means that internal network segmentation and access controls are crucial; however, insider threats or lateral movement by attackers who have breached perimeter defenses could leverage this vulnerability. The potential impact extends to confidentiality breaches of sensitive operational data, integrity violations affecting process control, and availability impacts if the system is manipulated or destabilized. This could result in financial losses, regulatory penalties under GDPR if personal data is involved, and reputational damage.

To mitigate this vulnerability, European organizations should immediately audit and restrict access to Redis instances used by FactoryTalk Analytics LogixAI. Network segmentation should isolate the Redis service from general intranet access, limiting it to only authorized management systems. Implementing Redis authentication and enabling encryption (TLS) for Redis connections can prevent unauthorized access. Organizations should apply any patches or updates from Rockwell Automation as soon as they become available. In the absence of patches, consider disabling or replacing the vulnerable Redis instance or deploying compensating controls such as strict firewall rules and intrusion detection systems monitoring Redis traffic. Regularly review and harden configurations of all industrial control system components, including third-party analytics tools. Conduct internal penetration testing to verify that Redis instances are not accessible beyond intended scopes. Additionally, monitoring logs for unusual access patterns to Redis can provide early detection of exploitation attempts. Employee training on internal network security and insider threat awareness is also recommended.