Rockwell Automation Micro800 Series CIP Forward Close Packet Handling Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in Rockwell Automation's Micro800 series controllers. This issue arises from improper processing of malformed CIP Forward Close packets, which can cause the controller to become unresponsive and display a solid red Fault LED. After a power cycle, the controller enters a recoverable fault state, with the MS LED and Fault LED flashing red, and reports fault code 0xF015. To recover, the fault must be cleared.

Impact

Exploitation of this vulnerability causes the controller to enter a solid red Fault LED state, becoming unresponsive. After a power cycle, the controller flashes red on the MS and Fault LEDs, indicating a recoverable fault with fault code 0xF015.

Remediation

Users are advised to update to Micro850 L50E version 23.011 and later or Micro870 L70E version 23.011 and later. If an upgrade is not possible, apply security best practices.