CVE-2025-7693
BaseFortify
Publication date: 2025-08-18
Last updated on: 2025-08-18
Assigner: Rockwell Automation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockwell_automation | micro800 | * |
| rockwell_automation | micro870 | * |
| azure | rtos_netx_duo | 6.3.0 |
| rockwell_automation | micro850 | * |
| rockwell_automation | micro820 | * |
| azure | rtos_threadx | 6.3.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7693 is a security vulnerability in Rockwell Automation's Micro800 series PLCs caused by improper handling of malformed Common Industrial Protocol (CIP) Forward Close packets during fuzzing. When these malformed packets are processed, the controller enters a solid red Fault LED state and becomes unresponsive. After a power cycle, the controller enters a recoverable fault state with flashing MS and Fault LEDs and reports fault code 0xF015. Recovery requires clearing the fault. This issue is due to improper input validation. [1]
How can this vulnerability impact me?
This vulnerability can cause the affected controller to become unresponsive and enter a fault state, disrupting industrial control processes. The controller will need to be power cycled and the fault cleared to recover, potentially causing downtime and operational interruptions. Because the vulnerability has a high severity score, it poses a significant risk to system availability and reliability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing the controller's LED indicators. Specifically, the controller will enter a solid red Fault LED state and become unresponsive when affected by malformed CIP Forward Close packets. After a power cycle, the controller will show flashing MS and Fault LEDs with fault code 0xF015. Detection involves monitoring these LED states and fault codes on the affected Micro800 series PLCs. There are no specific network commands or scanning tools mentioned to detect this vulnerability directly. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation requires upgrading the affected Micro800 series PLCs to software version V23.011 or later, where the vulnerability is fixed. No workarounds exist. If an immediate upgrade is not possible, apply security best practices to reduce exposure. Additionally, if the controller enters the fault state, recover by power cycling and clearing the fault as indicated by the flashing LEDs and fault code 0xF015. [1]