Rockwell Micro820®, Micro850®, Micro870® – Specialized Fuzzing Vulnerabilities

Monitor7.5SD1766Dec 9, 2025

Summary

Rockwell Micro820, Micro850, and Micro870 controllers are vulnerable to specialized fuzzing attacks that trigger improper input handling. An attacker can send crafted network packets to cause a denial-of-service condition, making the device unresponsive. The vulnerability affects all firmware versions and no patch is currently available from Rockwell Automation.

What this means

What could happen

An attacker with network access to these controllers could send specially crafted packets to trigger a denial-of-service condition, halting process operations on affected production lines or utility systems.

Who's at risk

Water utilities, municipal electric utilities, and industrial manufacturers using Rockwell Micro820, Micro850, or Micro870 controllers for process automation, pump control, motor coordination, or other critical closed-loop operations should implement network controls immediately to prevent denial-of-service attacks.

How it could be exploited

An attacker on the network (or with network routing to the device) sends malformed input packets to the Micro controller's communication port. The fuzzing vulnerability causes improper input handling, leading to the device crashing or entering a non-responsive state, interrupting any active automation logic.

Prerequisites

Network access to the Micro820/Micro850/Micro870 controller on its communication port
No authentication required to trigger the vulnerability
Device must be actively running and accepting network input

Remotely exploitableNo authentication requiredLow complexity attackNo patch availableAll versions affected

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

Micro820, Micro850, Micro870All versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDImplement network firewall rules to restrict inbound traffic to the Micro controller to only trusted engineering workstations and control systems

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

WORKAROUNDDisable unnecessary network communication ports or protocols on the Micro controller if not required for operations

HARDENINGMonitor the Micro controller for unexpected reboots or loss of communication and establish incident response procedures for rapid recovery

Mitigations - no patch available

0/1

Micro820, Micro850, Micro870 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGSegment the industrial network so Micro controllers are not directly reachable from corporate networks or untrusted sources

CVEs (2)

CVE-2025-13823 CVE-2025-13824

View full Rockwell Automation advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d6ece23c-3511-4f0a-8cf9-d94c85c2b19d