CVE-2025-13824
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code 0xF019. To recover, clear the fault.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rockwell Automation | Micro820®, Micro850®, Micro870® | V23.011 and below | affected |
| Rockwell Automation | Micro820®, Micro850®, Micro870® | V12.013 and lower | affected |
| Rockwell Automation | Micro820®, Micro850®, Micro870® | V14.011 and lower | affected |
Weaknesses
- CWE-763: CWE-763: Release of Invalid Pointer or Reference
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.