Micro820®, Micro850®, Micro870® – Specialized Fuzzing Vulnerabilities_CVE-2025-13824

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code 0xF019. To recover, clear the fault.

AI Analysis

Improper handling of malformed CIP packets during fuzzing leads to a hard fault and unresponsiveness in the controller.

Basic Information

ID CVE-2025-13824

Source Rockwell

Published Dec 15, 2025 at 15:20

Modified Dec 15, 2025 at 17:09

Affected Product

Vendor Rockwell Automation

Product Micro820®, Micro850®, Micro870®

Version V23.011 and below

Affected Versions Rockwell Automation Micro820®, Micro850®, Micro870® V23.011 and below
Rockwell Automation Micro820®, Micro850®, Micro870® V12.013 and lower
Rockwell Automation Micro820®, Micro850®, Micro870® V14.011 and lower

CWE Classification

CWE-763

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Rockwell Automation

Product Micro820, Micro850, Micro870

Version V23.011 and below, V12.013 and lower, V14.011 and lower

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1766.html

{
    "lastseen": "",
    "description": "A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code\u202f0xF019. To recover,\u202fclear the fault.",
    "published": "2025-12-15T15:20:52.952Z",
    "modified": "2025-12-15T17:09:43.346Z",
    "type": "cve",
    "title": "Micro820\u00ae, Micro850\u00ae,  Micro870\u00ae \u2013 Specialized Fuzzing Vulnerabilities",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1766.html",
    "id": "CVE-2025-13824",
    "bulletinFamily": "",
    "cwe": [
        "CWE-763"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation Micro820\u00ae, Micro850\u00ae,  Micro870\u00ae V23.011  and below\nRockwell Automation Micro820\u00ae, Micro850\u00ae,  Micro870\u00ae V12.013 and lower\nRockwell Automation Micro820\u00ae, Micro850\u00ae,  Micro870\u00ae V14.011 and lower",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Micro820\u00ae, Micro850\u00ae,  Micro870\u00ae",
    "version": "V23.011  and below",
    "vendor": "Rockwell Automation",
    "ai_description": "Improper handling of malformed CIP packets during fuzzing leads to a hard fault and unresponsiveness in the controller.",
    "ai_severity": "High",
    "ai_vendor": "Rockwell Automation",
    "ai_product": "Micro820, Micro850, Micro870",
    "ai_version": "V23.011 and below, V12.013 and lower, V14.011 and lower",
    "ai_score": 8.7
}