Rockwell FLEX 5000 I/O - Module Fault

Monitor7.5SD1737Aug 14, 2025

Summary

FLEX 5000 I/O modules (all versions) are vulnerable to a module fault condition that can be triggered remotely. When triggered, the I/O module enters a fault state that interrupts communication between the PLC and field sensors or actuators. No vendor patch is available for this product line.

What this means

What could happen

A module fault condition in FLEX 5000 I/O could cause unexpected I/O failures or loss of sensor/actuator communication, interrupting process monitoring and control until the fault is manually cleared.

Who's at risk

Water and electric utilities operating Rockwell FLEX 5000 I/O modules for sensor input or actuator output control should assess whether these modules monitor or control critical process parameters (pressure, flow, level, pump operation). If so, they are directly affected.

How it could be exploited

An attacker with network access to the FLEX 5000 I/O chassis could trigger a module fault condition through the communication interface, causing the I/O module to enter a fault state and drop sensor or actuator signals without operator notice.

Prerequisites

Network access to FLEX 5000 I/O communication port (likely Ethernet or proprietary interface)
Knowledge of FLEX 5000 I/O command protocol or fuzzing capability to induce fault state

remotely exploitableno patch availableaffects process control continuity

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

FLEX 5000 I/OAll versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGImplement network segmentation and firewall rules to restrict access to FLEX 5000 I/O to only authorized engineering and supervisory systems

WORKAROUNDMonitor FLEX 5000 I/O chassis for module fault indicators and establish alerting on fault conditions so operators notice signal loss immediately

Mitigations - no patch available

0/1

FLEX 5000 I/O has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGConduct a long-term review of I/O architecture to identify whether critical analog/digital inputs can be moved to newer Rockwell products with available patches

CVEs (2)

CVE-2025-9041 CVE-2025-9042

View full Rockwell Automation advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b7241b39-2817-4db4-b0a1-521327642047