Rockwell Automation Micro800 Series Controllers CIP Packet Handling Vulnerability Leading to Unresponsive State

Vulnerability

A vulnerability exists in Rockwell Automation's Micro820, Micro850, and Micro870 controllers due to improper handling of malformed Common Industrial Protocol (CIP) packets. This issue was identified during internal testing and can cause the controller to enter a hard fault, indicated by a solid red Fault LED, rendering it unresponsive. After a power cycle, the controller transitions to a recoverable fault state, with the MS LED and Fault LED flashing red, and reports fault code 0xF019. To recover, the fault must be cleared.

Impact

Exploitation of this vulnerability causes the controller to become unresponsive, entering a hard fault state. After a power cycle, the controller reports a recoverable fault with code 0xF019.

Remediation

Users of Micro850/870 controllers (L50E/L70E) can upgrade to version 23.012. For Micro820 (LC20) controllers, version 23.011 is available. Instructions for downloading the updated firmware can be found on the Rockwell Automation Compatibility Center website.
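An added example, not part of the original advisory or any Rockwell Automation tooling: a triage of an asset inventory against the fixed firmware versions named above. The inventory rows and catalog strings are constructed, and reading a revision as major.minor integers (so 23.012 has minor 12) is an assumption.

```python
import re

# Remediated firmware from the advisory, keyed by the catalog marker it names.
FIXED = {
    "L50E": (23, 12),  # Micro850
    "L70E": (23, 12),  # Micro870
    "LC20": (23, 11),  # Micro820
}

def parse_version(text):
    """'23.012' -> (23, 12). Returns None unless the text is major.minor digits."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\s*", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory):
    """Map each asset name to 'upgrade', 'remediated', 'check-manually' or 'not-covered'."""
    result = {}
    for name, catalog, firmware in inventory:
        # Match the controller family by the marker inside the catalog string.
        marker = next((k for k in FIXED if k in catalog.upper()), None)
        version = parse_version(firmware)
        if marker is None:
            status = "not-covered"      # family not named in the advisory
        elif version is None:
            status = "check-manually"   # unreadable revision: do not guess
        elif version < FIXED[marker]:
            status = "upgrade"          # below the remediated revision
        else:
            status = "remediated"
        result[name] = status
    return result

# Constructed sample inventory: (asset name, catalog string, reported firmware).
INVENTORY = [
    ("pump-plc-1", "2080-L50E-24QBB", "22.011"),
    ("mixer-plc-2", "2080-L70E-24QWB", "23.012"),
    ("door-plc-3", "2080-lc20-20QBB", "23.11"),
    ("hvac-plc-4", "2080-LC20-20QWB", "unknown"),
    ("line-plc-5", "OTHER-PLC-0000", "33.011"),
]

if __name__ == "__main__":
    for asset, status in triage(INVENTORY).items():
        print(f"{asset}: {status}")
```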

Added: Dec 15, 2025, 4:22 PM
Updated: Dec 15, 2025, 6:36 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.