ID
VAR-202508-1377
CVE
CVE-2025-9041
TITLE
Rockwell Automation FLEX 5000 Resource Management Error Vulnerability (CNVD-2025-19531)
Trust: 0.6
DESCRIPTION
A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle. The Rockwell Automation FLEX 5000 is a high-speed counter module from Rockwell Automation. The Rockwell Automation FLEX 5000 has a resource management error vulnerability. Detailed vulnerability details are not available at this time
Trust: 1.44
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | rockwell | model: | automation flex | scope: | eq | version: | 5000 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-1287 | Trust: 1.0 |
PATCH
| title: | Patch for Rockwell Automation FLEX 5000 Resource Management Error Vulnerability (CNVD-2025-19531) | url: | https://www.cnvd.org.cn/patchInfo/show/722991 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-9041 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2025-19531 | Trust: 0.6 |
REFERENCES
| url: | https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1737.html | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-9041 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2025-19531 |
| db: | NVD | id: | CVE-2025-9041 |
LAST UPDATE DATE
2025-10-16T23:49:24.888000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-19531 | date: | 2025-08-28T00:00:00 |
| db: | NVD | id: | CVE-2025-9041 | date: | 2025-08-15T13:12:51.217 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-19531 | date: | 2025-08-22T00:00:00 |
| db: | NVD | id: | CVE-2025-9041 | date: | 2025-08-14T15:15:45.083 |