OTPulse

Rockwell Automation Analytics LogixAI

Plan Patch | 8.8 | ICS-CERT ICSA-25-252-08 | Sep 9, 2025
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Rockwell Automation Analytics LogixAI versions 3.00 and 3.01 contain a vulnerability (CWE-497) that could allow an attacker with network access to the device to access sensitive information. The vulnerability is not remotely exploitable.

What this means
What could happen
An attacker with network access to Analytics LogixAI could view sensitive data stored on the device, potentially compromising process control information or operational details.
Who's at risk
This affects organizations running Rockwell Automation Analytics LogixAI for process data analysis and monitoring. Water utilities and electric utilities using LogixAI for SCADA data analytics or operational insights are most at risk. Manufacturing and batch process facilities relying on LogixAI for real-time monitoring should prioritize patching.
How it could be exploited
An attacker must be on the same local network segment as the Analytics LogixAI device. With access to that network, they can exploit the vulnerability to read sensitive information from the device without needing valid credentials or user interaction.
Prerequisites
  • Adjacent network access (same network segment as the device)
  • No authentication required
  • Device must be reachable from the attacker's location on the network
No authentication required | Low complexity attack | Sensitive data exposure | Affects analytics and monitoring systems | Requires adjacent network access only
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product                        Affected Versions   Fix Status
Analytics LogixAI: 3.00|3.01   3.00|3.01           3.02 and later
Remediation & Mitigation
Do now
WORKAROUND: If upgrade is not immediately possible, isolate Analytics LogixAI behind a firewall and restrict network access to only authorized engineering workstations and control systems
HARDENING: Ensure Analytics LogixAI is not directly accessible from the internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Analytics LogixAI to version 3.02 or later
Long-term hardening
HARDENING: Segment the network so that Analytics LogixAI is on a separate VLAN from business networks and the internet