Rockwell FactoryTalk® Analytics™ LogixAI® Exposed Redis DB
Plan Patch8.8SD1748Sep 9, 2025
Summary
FactoryTalk Analytics LogixAI exposes its backend Redis database without adequate access controls. The Redis database stores operational data including production metrics, process parameters, and historical logs. An unauthenticated attacker with network access to the Redis port can read, modify, or delete this sensitive data without any credentials. This affects all versions of FactoryTalk Analytics LogixAI.
What this means
What could happen
An attacker with network access to the Redis database could read, modify, or delete sensitive operational data stored by FactoryTalk Analytics LogixAI, including production metrics, process parameters, and historical logs. This could lead to loss of visibility into plant operations, data corruption, or disruption of analytics-driven decision-making.
Who's at risk
Manufacturing facilities and process automation operations using FactoryTalk Analytics LogixAI for real-time monitoring and predictive analytics. This affects all organizations using this platform for production data storage and analysis, including automotive, chemical, food and beverage, and discrete manufacturing plants.
How it could be exploited
An attacker must reach the exposed Redis database port on the network where FactoryTalk Analytics LogixAI is deployed. Redis typically runs on port 6379 without authentication by default. Once connected, the attacker can execute Redis commands to read sensitive operational data or corrupt the database contents without any credentials required.
Prerequisites
- Network access to the Redis port (default 6379) where FactoryTalk Analytics LogixAI is running
- No authentication credentials required if Redis is using default configuration
- The Redis database must be exposed or reachable from the attacker's network segment
Remotely exploitableNo authentication requiredNo patch availableAffects all software versionsExposed database containing operational data
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
FactoryTalk Analytics LogixAIAll versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2WORKAROUNDImmediately implement network segmentation and firewall rules to restrict access to the Redis port (6379) to only authorized engineering workstations and systems that require direct access
HARDENINGEnable Redis authentication by configuring a strong password in the Redis configuration file (requirepass directive) if the vendor has documented this capability
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HARDENINGImplement network monitoring and logging to detect unauthorized connection attempts to the Redis port
WORKAROUNDContact Rockwell Automation to inquire about a timeline for a security patch or alternative products with better access controls
Mitigations - no patch available
0/1FactoryTalk Analytics LogixAI has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGReview network architecture to isolate FactoryTalk Analytics LogixAI systems behind a DMZ or dedicated analytics network segment
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/1c57fbad-b184-457b-96b6-7c4e8c683c2a