Schneider Electric has issued a critical security advisory for its Plant iT and Brewmaxx industrial automation software, warning of a Redis use-after-free vulnerability that could allow remote code execution. The vulnerability, tracked as ProLeiT-2025-001, affects Plant iT versions 5.0 through 5.4 and Brewmaxx versions 5.0 through 5.4 when configured to use Redis as a caching database.

This isn't a flaw in Schneider Electric's proprietary code. The vulnerability exists in the Redis in-memory data structure store that these industrial automation platforms use for caching. When Redis is improperly configured or runs outdated versions, attackers can exploit memory management weaknesses to execute arbitrary code on affected systems.

Industrial control systems running Plant iT or Brewmaxx manage critical processes in food and beverage, pharmaceutical, and manufacturing facilities. Successful exploitation could allow attackers to manipulate production processes, steal proprietary formulas, or disrupt operations entirely.

Technical Details of ProLeiT-2025-001

The vulnerability stems from how Redis handles memory allocation and deallocation when processing certain commands. Use-after-free vulnerabilities occur when a program continues to use a memory pointer after it has been freed, potentially allowing attackers to manipulate memory contents and execute malicious code.

Schneider Electric's advisory confirms the vulnerability affects Plant iT versions 5.0, 5.1, 5.2, 5.3, and 5.4, along with Brewmaxx versions 5.0, 5.1, 5.2, 5.3, and 5.4. These versions represent the current generation of Schneider's industrial automation software, widely deployed across global manufacturing facilities.

The risk emerges specifically when these systems use Redis for caching purposes. Redis isn't included by default with Plant iT or Brewmaxx installations—organizations must configure it separately for performance optimization. This creates a patch management challenge: IT teams must track both the industrial software and its supporting infrastructure components.

The Redis Dependency Problem

Modern industrial software increasingly relies on open-source components like Redis for performance, scalability, and development efficiency. Redis provides lightning-fast data caching that helps Plant iT and Brewmaxx handle real-time production data from thousands of sensors and control points.

This dependency creates a security blind spot. Many industrial organizations focus their patch management efforts on proprietary software from vendors like Schneider Electric while overlooking the open-source infrastructure components those systems depend on. Redis vulnerabilities might not appear on traditional OT security scanners that only monitor proprietary industrial protocols and applications.

Schneider Electric's advisory highlights this growing challenge in industrial cybersecurity. The company states clearly that while it provides Redis configuration guidance for its software, customers remain responsible for maintaining the Redis installation itself. This division of responsibility creates gaps where vulnerabilities can persist unpatched.

Patch Requirements and Implementation

Schneider Electric recommends immediate action for all affected installations. The patch involves updating Redis to version 7.2.5 or later, which contains fixes for the specific use-after-free vulnerability. Organizations must also apply Schneider's configuration updates for Plant iT and Brewmaxx to ensure compatibility with the patched Redis version.

The patching process requires careful planning in industrial environments. Unlike office IT systems that can be rebooted during maintenance windows, production facilities often run 24/7 with limited downtime opportunities. Schneider Electric provides detailed guidance on implementing the patch with minimal disruption, including recommendations for:

  • Testing the patch in isolated development environments first
  • Scheduling updates during planned maintenance periods
  • Verifying Redis configuration settings after the update
  • Monitoring system performance post-patch for any anomalies

Organizations should also review their Redis configuration for security best practices. Default Redis installations often lack authentication and run with excessive privileges, creating additional attack surfaces beyond the specific vulnerability.
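
One way to check a Redis cache host against the points above (version 7.2.5 or later, authentication, network exposure), as an added example that is not part of Schneider Electric's advisory. The INFO output and redis.conf text are constructed samples, and the choice of checks is an assumption based on the article's recommendations.

```python
import re

MIN_FIXED = (7, 2, 5)  # fixed Redis release named in the article

# Constructed sample inputs (not taken from a real Plant iT / Brewmaxx host).
SAMPLE_INFO = "# Server\nredis_version:7.2.4\nredis_mode:standalone\n"
SAMPLE_CONF = """\
# redis.conf (constructed): no requirepass, no aclfile
bind 0.0.0.0
protected-mode no
"""

def parse_version(info_text):
    """Extract redis_version from `INFO server` output as an int tuple."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.M)
    if not m:
        raise ValueError("redis_version not found in INFO output")
    return tuple(int(p) for p in m.groups())

def parse_conf(conf_text):
    """Return {directive: [[args], ...]} for non-comment redis.conf lines."""
    conf = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        conf.setdefault(key.lower(), []).append(args)
    return conf

def audit(info_text, conf_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    version = parse_version(info_text)
    if version < MIN_FIXED:
        findings.append("version %d.%d.%d is older than 7.2.5" % version)
    conf = parse_conf(conf_text)
    # Presence check only: it does not inspect the rules inside an ACL file.
    if "requirepass" not in conf and "aclfile" not in conf:
        findings.append("no authentication configured (requirepass/aclfile)")
    binds = [a for args in conf.get("bind", []) for a in args]
    # With no bind directive, Redis listens on all interfaces.
    if not binds or any(a.lstrip("-") in ("0.0.0.0", "*", "::", "::*") for a in binds):
        findings.append("listens on all interfaces (bind)")
    if conf.get("protected-mode", [["yes"]])[-1] == ["no"]:
        findings.append("protected-mode is disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INFO, SAMPLE_CONF):
        print("FINDING:", finding)
```

On a real host, feed it the output of `redis-cli INFO server` and the contents of the active redis.conf instead of the samples.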

Industrial Cybersecurity Implications

ProLeiT-2025-001 represents a broader trend in operational technology security. Industrial systems increasingly incorporate IT components that bring both capabilities and vulnerabilities. The convergence of IT and OT networks means vulnerabilities in supporting infrastructure like Redis can now impact physical production processes.

This vulnerability has particular significance because Redis often sits at the intersection of IT and OT networks. It might cache data from both enterprise systems and industrial controllers, potentially giving attackers a foothold to move between traditionally separated networks.

Industrial organizations face unique challenges in addressing such vulnerabilities. Many production facilities maintain air-gapped networks or heavily segmented architectures that complicate patch deployment. Some run legacy systems that cannot be easily updated without risking production stability.

Schneider Electric's advisory acknowledges these realities by providing multiple mitigation options. For organizations that cannot immediately patch, the company recommends network segmentation to isolate Redis instances, strict firewall rules limiting Redis port access, and enhanced monitoring for suspicious Redis activity.

Best Practices for Industrial Software Security

This incident underscores several critical practices for industrial cybersecurity:

Comprehensive Asset Inventory: Organizations must maintain complete inventories of all software components in their industrial environments, including open-source dependencies like Redis. Traditional asset management systems often miss these supporting components.

Unified Patch Management: IT and OT teams need coordinated patch management processes that cover both proprietary industrial software and its supporting infrastructure. This requires breaking down organizational silos between IT and OT departments.

Configuration Hardening: Default configurations for components like Redis often prioritize performance over security. Industrial implementations should follow security hardening guides that disable unnecessary features, enable authentication, and limit network exposure.

Continuous Monitoring: Industrial networks require specialized monitoring that can detect anomalies in both proprietary industrial protocols and supporting IT infrastructure. Security teams should monitor Redis for unusual command patterns, authentication failures, or performance anomalies that might indicate exploitation attempts.

Vendor Communication Channels: Organizations should ensure they're registered to receive security advisories from all their industrial software vendors. Many miss critical updates because they don't maintain current contact information with vendors or subscribe to security notification services.

Looking Forward: Industrial Software Security Evolution

The ProLeiT-2025-001 vulnerability highlights the evolving nature of industrial cybersecurity threats. Attackers increasingly target the IT components that support industrial systems rather than attempting to exploit proprietary industrial protocols directly.

Industrial software vendors face pressure to improve their security practices around third-party dependencies. Some industry experts advocate for vendors to take greater responsibility for the entire software stack they deliver, including open-source components. Others suggest vendors should provide integrated update mechanisms that handle both proprietary software and its dependencies.

Regulatory frameworks are beginning to address these challenges. Recent industrial cybersecurity regulations in critical infrastructure sectors increasingly require organizations to maintain comprehensive software bills of materials and implement timely patch management for all software components.

For organizations running Plant iT or Brewmaxx, immediate action is required. The Redis use-after-free vulnerability represents a clear and present danger to industrial operations. While patching presents operational challenges, the alternative—leaving critical production systems vulnerable to remote code execution—poses far greater risks to safety, productivity, and business continuity.

Industrial cybersecurity teams should use this incident as an opportunity to review their entire software dependency landscape. The next vulnerability might target a different open-source component, but the fundamental challenge remains the same: securing industrial systems requires securing all their parts, not just the proprietary applications at their surface.