CVE-2025-13823
IPv6 Malformed Packet Fault Vulnerability in Micro850/870 Controllers
Publication date: 2025-12-15
Last updated on: 2025-12-15
Assigner: Rockwell Automation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockwell_automation | micro820 | * |
| rockwell_automation | micro850 | * |
| rockwell_automation | micro870 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability (CVE-2025-13823) exists in the IPv6 stack of the Micro850 and Micro870 controllers. When these controllers receive multiple malformed IPv6 packets during fuzzing, they enter a recoverable fault state with fault code 0xFE60. The fault can be cleared to recover the controller. It is caused by a dependency on a vulnerable third-party component and has a CVSS 4.0 base score of 7.1, indicating a high severity. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can cause the affected Micro850 and Micro870 controllers to enter a recoverable fault state, temporarily disrupting their operation. This could lead to downtime or interruption in the control processes managed by these PLCs until the fault is cleared. Disabling IPv6 functionality if not required or updating to the fixed firmware version V23.012 can mitigate this impact. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the Micro850 and Micro870 controllers for the recoverable fault state with fault code 0xFE60, which occurs when the controllers receive multiple malformed IPv6 packets. Detection involves checking the controller's fault status and logs for this specific fault code. Additionally, network monitoring tools can be used to identify malformed IPv6 packets targeting these controllers. Specific commands are not provided in the resources, but checking the controller's fault codes and network traffic for malformed IPv6 packets is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the firmware of affected Micro850 and Micro870 controllers to version V23.012 or later, where the vulnerability is fixed. If a firmware upgrade is not immediately possible, disabling IPv6 functionality on the controllers is recommended if IPv6 is not required. Additionally, clearing the fault condition (fault code 0xFE60) will recover the controller from the fault state. Following Rockwell Automation's security best practices is also advised. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources and context do not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.