Rockwell Automation Micro820, Micro850, Micro870

Published:

18 december 2025 om 12:00:00

Alert date:

18 december 2025 om 18:04:12

Source:

cisa.gov

Two high-severity vulnerabilities (CVE-2025-13823 and CVE-2025-13824) affect Rockwell Automation Micro820, Micro850, and Micro870 controllers. CVE-2025-13823 involves malformed IPv6 packets causing recoverable faults, while CVE-2025-13824 involves improper handling of malformed CIP packets causing hard faults. Both vulnerabilities can result in denial-of-service conditions. The vulnerabilities affect critical manufacturing infrastructure worldwide. Rockwell Automation has provided firmware updates and mitigation strategies including disabling IPv6 functionality and updating to newer controller versions.

Technical details

Mitigation steps:

Affected products:

Rockwell Automation Micro820
Rockwell Automation Micro850
Rockwell Automation Micro870

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-07
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-07.json
https://nvd.nist.gov/vuln/detail/CVE-2025-13823
https://nvd.nist.gov/vuln/detail/CVE-2025-13824
https://cwe.mitre.org/data/definitions/1395.html
https://cwe.mitre.org/data/definitions/763.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Related CVE's:

CVE-2025-13823

CVE-2025-13824

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.