Description
An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.
CVSS Metrics
- Vector
- CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Attack Vector
- adjacent
- Complexity
- low
- Privileges
- none
- User Action
- none
- Confidentiality
- undefined
- Integrity
- undefined
- Availability
- undefined
- Weaknesses
- CWE-497
Metadata
- Primary Vendor
- ROCKWELLAUTOMATION
- Published
- 9/9/2025
- Last Modified
- 9/10/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
rockwellautomation : factorytalk_analytics_logixairockwellautomation : factorytalk_analytics_logixai
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.