Critical DoS Vulnerabilities Patched in Rockwell Automation Micro800 PLCs (CVE-2025-13823)
CISA warns of denial-of-service risks in Rockwell Automation Micro820, Micro850, and Micro870 PLCs. Learn mitigation steps for CVE-2025-13823.
Rockwell Automation PLCs Vulnerable to Denial-of-Service Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a critical vulnerability (CVE-2025-13823) affecting Rockwell Automation’s Micro800 series programmable logic controllers (PLCs), including the Micro820, Micro850, and Micro870 models. Successful exploitation of this flaw could lead to a denial-of-service (DoS) condition, disrupting industrial operations.
Technical Details
The vulnerability impacts the following Rockwell Automation PLC models:
- Micro820
- Micro850
- Micro870
While CISA’s advisory (ICSA-25-352-07) does not provide full technical specifics, the flaw is classified as a DoS risk, suggesting potential exploitation via crafted network packets or malformed input. The CSAF document contains structured vulnerability data for further analysis.
Impact Analysis
A DoS condition in industrial control systems (ICS) can halt critical processes, leading to:
- Operational downtime in manufacturing, energy, or water treatment facilities
- Safety risks if automated fail-safes are disrupted
- Financial losses due to unplanned outages
Given the widespread use of Rockwell Automation PLCs in OT environments, asset owners should prioritize patching or mitigating this vulnerability.
Recommended Actions
CISA and Rockwell Automation urge affected organizations to:
- Apply vendor-supplied patches as soon as they become available.
- Restrict network access to PLCs using firewalls or segmentation.
- Monitor for unusual traffic targeting port 44818 (commonly used for EtherNet/IP communications).
- Review CISA’s advisory (ICSA-25-352-07) for updates.
For security teams, the CSAF file provides machine-readable vulnerability details to integrate into risk assessments and patch management workflows.
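As an added example (not from CISA or Rockwell Automation), the following sketch shows one way to act on the segmentation and port 44818 monitoring recommendations above: it flags flows to PLCs on that port that come from outside an allowlist or arrive in a burst. The PLC addresses, allowed subnet, log format, and thresholds are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime

ENIP_PORT = 44818  # EtherNet/IP port named in the recommendations

# Assumed site values (hypothetical): PLC addresses and hosts allowed to reach them.
PLCS = {"10.20.0.11", "10.20.0.12"}
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.1.0/28")]  # HMIs, engineering stations

# Constructed flow records: ISO timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2025-12-18T08:00:00 10.20.1.5 10.20.0.11 44818
2025-12-18T08:00:01 10.30.7.44 10.20.0.11 44818
2025-12-18T08:00:02 10.20.1.6 10.20.0.12 44818
2025-12-18T08:00:02 10.20.1.6 10.20.0.12 44818
2025-12-18T08:00:03 10.20.1.6 10.20.0.12 44818
2025-12-18T08:00:03 10.20.1.6 10.20.0.12 44818
2025-12-18T08:00:09 10.20.1.5 10.20.0.11 502
"""

def flag_enip_flows(text, burst=4, window_s=5):
    """Return (reason, src, dst) alerts for flows to PLCs on the EtherNet/IP port."""
    alerts = []
    recent = defaultdict(deque)  # (src, dst) -> timestamps still inside the window
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records instead of crashing the monitor
        ts, src, dst, dport = parts
        if dst not in PLCS or int(dport) != ENIP_PORT:
            continue
        when = datetime.fromisoformat(ts)
        addr = ipaddress.ip_address(src)
        # Rule 1: source is outside the segments allowed to reach the PLCs.
        if not any(addr in net for net in ALLOWED_SOURCES):
            alerts.append(("unexpected-source", src, dst))
        # Rule 2: sliding-window count of connections per (source, PLC) pair.
        q = recent[(src, dst)]
        q.append(when)
        while (when - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) == burst:  # fires each time the window fills to the threshold
            alerts.append(("connection-burst", src, dst))
    return alerts

if __name__ == "__main__":
    for alert in flag_enip_flows(SAMPLE_FLOWS):
        print(alert)
```

In practice the input would come from firewall or flow-collector exports, and the burst threshold should be tuned against normal HMI polling rates.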