CVE-2025-13824

Summary

A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code 0xF019. To recover, clear the fault.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationMicro820®, Micro850®, Micro870®V23.011 and belowaffected
Rockwell AutomationMicro820®, Micro850®, Micro870®V12.013 and loweraffected
Rockwell AutomationMicro820®, Micro850®, Micro870®V14.011 and loweraffected

Weaknesses

  • CWE-763: CWE-763: Release of Invalid Pointer or Reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References