VYPR
High severity · NVD Advisory · Published Dec 15, 2025 · Updated Apr 15, 2026

CVE-2025-13823

Description

A security issue was found in the IPv6 stack in the Micro850 and Micro870 controllers when the controllers received multiple malformed packets during fuzzing. The controllers will go into recoverable fault with fault code 0xFE60. To recover the controller, clear the fault.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A flaw in the IPv6 stack of Rockwell Micro850/870 controllers causes a recoverable fault when processing malformed packets, requiring manual fault clearing.

Vulnerability Overview

CVE-2025-13823 is a security issue in the IPv6 stack of Rockwell Automation Micro850 and Micro870 programmable logic controllers (PLCs). When the controllers receive multiple malformed IPv6 packets during fuzzing, they enter a recoverable fault state with fault code 0xFE60. The root cause is a dependency on a vulnerable third-party component (CWE-1395) that mishandles specially crafted network traffic [1].

Exploitation Conditions

An attacker can trigger the fault by sending a series of malformed IPv6 packets to the controller over the network. The advisory does not specify authentication requirements, suggesting that the vulnerability may be exploitable without prior access, as long as the attacker can reach the controller's IPv6 interface. The attack does not require high complexity or special privileges, making it a practical vector for disrupting controller operations [1].

Impact

Successful exploitation causes the controller to halt normal operation and enter a recoverable fault. The controller must be manually recovered by clearing the fault, which can lead to production downtime and require physical or remote intervention. The CVSS 3.1 base score is 6.5 (Medium), while CVSS 4.0 rates it 7.1 (High), reflecting the potential for denial of service in industrial environments [1].

Mitigation

Rockwell Automation has released firmware version V23.012 for the affected Micro850/870 (L50E/L70E) catalog numbers to address this vulnerability. Users are advised to update to the corrected firmware. As a temporary workaround, operators can clear the fault code 0xFE60 to restore normal operation. The vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) catalog as of the advisory publication [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

References: 1
