04-07-2024 | Newsroom | Vulnerability / Critical Infrastructure

Microsoft Discovers Critical Flaws in Rockwell Automation PanelView Plus

Microsoft has disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be exploited by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition.

“The remote code execution vulnerability in PanelView Plus involves two custom classes that could be exploited to upload and load a malicious DLL onto the device,” security researcher Yuval Gordon said.

“The DoS vulnerability leverages the same custom class to send a crafted buffer that the device cannot properly handle, leading to a DoS attack.”

The list of shortcomings is as follows:

  • CVE-2023-2071 (CVSS Score: 9.8) – An improper input validation vulnerability could allow unauthenticated remote attackers to execute code via specially crafted malicious packets.
  • CVE-2023-29464 (CVSS Score: 8.2) – An improper input validation vulnerability that could allow an unauthenticated threat actor to read data from memory via crafted malicious packets and cause a DoS by sending a packet larger than the buffer size.

If successfully exploited, the two flaws could allow a remote attacker to execute code, disclose information, or cause a DoS condition.

CVE-2023-2071 affects FactoryTalk View Machine Edition (versions 13.0, 12.0, and earlier), while CVE-2023-29464 affects FactoryTalk Linx (versions 6.30, 6.20, and earlier).

It’s worth noting that Rockwell Automation issued advisories for the flaws on September 12, 2023, and October 12, 2023, respectively. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued its own warnings on September 21 and October 17.

The revelation comes as unknown cybercriminals are suspected of exploiting a recently disclosed critical security flaw in HTTP File Server (CVE-2024-23692, CVSS score: 9.8) to spread cryptocurrency miners and trojans such as Xeno RAT, Gh0st RAT, and PlugX.

The vulnerability, described as a case of template injection, allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.
