Rockwell Automation Analytics LogixAI
Plan Patch | CVSS 8.8 | ICS-CERT ICSA-25-252-08 | Sep 9, 2025
Rockwell Automation
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Rockwell Automation Analytics LogixAI versions 3.00 and 3.01 contain a sensitive information disclosure vulnerability (CWE-497) that allows an attacker with network access to the device to read confidential data. All versions of FactoryTalk Analytics LogixAI are also affected but will not receive a patch. The vulnerability requires adjacent network access and cannot be exploited remotely.
What this means
What could happen
An attacker on the same network segment as Analytics LogixAI could access sensitive manufacturing data, process parameters, and engineering information stored in the system, potentially revealing production secrets or enabling further attacks on connected control systems.
Who's at risk
Organizations using Rockwell Automation Analytics LogixAI or FactoryTalk Analytics LogixAI for manufacturing analytics and performance monitoring should review their deployments. This affects food and beverage production, automotive assembly lines, pharmaceutical manufacturing, and other process industries that rely on LogixAI for real-time production insights and troubleshooting.
How it could be exploited
An attacker must first gain access to the same network segment as Analytics LogixAI (adjacent network). From there, the attacker can directly access the vulnerable service without authentication to read sensitive information from the device's memory or storage.
Prerequisites
- Network access to the same Layer 2 segment as Analytics LogixAI (not remotely exploitable)
- No authentication required
no authentication required; low complexity; affects confidentiality of manufacturing data; FactoryTalk product line has no patch available
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (2)
1 with fix, 1 EOL
Product                          Affected Versions   Fix Status
Analytics LogixAI: 3.00|3.01     3.00|3.01           3.02+
FactoryTalk Analytics LogixAI    All versions        No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Analytics LogixAI to only authorized engineering and administrative staff by implementing firewall rules and VLANs
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Analytics LogixAI to version 3.02 or later
Mitigations - no patch available
FactoryTalk Analytics LogixAI has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate Analytics LogixAI and FactoryTalk Analytics LogixAI systems from business networks using network segmentation and firewalls
HARDENING: For FactoryTalk Analytics LogixAI (unfixable product line), implement network monitoring to detect suspicious access patterns to the system
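One way to apply the monitoring control above, as an added example that is not vendor or advisory code: it reviews flow records for sources outside the authorized staff allowlist that reach the LogixAI host, and separates same-segment sources (the advisory's adjacent attack vector) from sources that indicate segmentation has failed. The addresses, allowlist, flow-record format and port numbers are assumptions constructed for illustration; the advisory names no port or log format.

```python
import ipaddress

# Assumed values for illustration; replace with your own addressing.
LOGIXAI_HOST = ipaddress.ip_address("192.0.2.10")       # hypothetical LogixAI address
LOGIXAI_SEGMENT = ipaddress.ip_network("192.0.2.0/24")  # its Layer 2 segment / subnet
AUTHORIZED = {ipaddress.ip_address(a) for a in ("192.0.2.21", "192.0.2.22")}

# Constructed sample flow records: "timestamp src dst dst_port bytes"
SAMPLE_FLOWS = """\
2025-09-10T08:00:01Z 192.0.2.21 192.0.2.10 443 1820
2025-09-10T08:03:12Z 192.0.2.77 192.0.2.10 443 90412
2025-09-10T08:04:40Z 198.51.100.5 192.0.2.10 443 300
2025-09-10T08:05:00Z 192.0.2.22 192.0.2.30 502 120
malformed line
"""

def review_flows(text):
    """Return findings for flows that reach the LogixAI host from unapproved sources."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        try:
            ts, src, dst, port, nbytes = parts
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            # Keep unparseable records visible instead of silently dropping them.
            findings.append({"line": lineno, "reason": "unparseable"})
            continue
        if dst != LOGIXAI_HOST or src in AUTHORIZED:
            continue
        # Same-segment sources match the advisory's adjacent attack vector and
        # normally never pass through a routed firewall; any other source means
        # the segmentation control is not holding.
        reason = "adjacent-unauthorized" if src in LOGIXAI_SEGMENT else "segmentation-bypass"
        findings.append({"line": lineno, "ts": ts, "src": str(src),
                         "port": port, "bytes": nbytes, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(finding)
```

Because same-segment traffic is switched rather than routed, the flow source for this check has to sit on the segment itself (for example a switch mirror port or host-level logging), not only at the perimeter firewall.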
CVEs (1)
API: /api/v1/advisories/70d6380e-518c-4bdf-bdd8-ce6b68b9774d