Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

Pierluigi Paganini July 05, 2024

Microsoft discovered two flaws in Rockwell Automation PanelView Plus that remote, unauthenticated attackers could exploit.

Microsoft responsibly two vulnerabilities in Rockwell Automation PanelView Plus that remote, unauthenticated attackers can exploit to perform remote code execution (RCE) and denial-of-service (DoS).

The RCE vulnerability in PanelView Plus involves exploiting two custom classes to upload and load a malicious DLL. The DoS vulnerability uses the same custom class to send a crafted buffer, causing the device to malfunction and result in a DoS.

The RCE vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device. The DoS vulnerability uses the same custom class to send a crafted buffer that the device cannot properly manage, triggering a DoS condition.

PanelView Plus devices are human-machine interfaces (HMI) in industrial environments, the exploitation of the flaws can potentially disrupt operations, posing serious risks to organizations relying on these devices.

The two vulnerabilities are:

CVE IDCVSS ScoreVulnerability
9.8Remote code execution (RCE)
8.2DoS via out-of-bounds read

CVE-2023-2071 (CVSS score: 9.8) is an improper input validation vulnerability that remote, unauthenticated attackers can exploit to achieve code executed via crafted malicious packets.

“FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets.  The device has the functionality, through a CIP class, to execute exported functions from libraries.  There is a routine that restricts it to execute specific functions from two dynamic link library files.” . “By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.”

The flaw impacts FactoryTalk View Machine Edition (versions 13.0, 12.0, and prior).

CVE-2023-29464 (CVSS score: 8.2) is an improper input validation vulnerability that an unauthenticated threat actor can exploit to read data from memory via crafted malicious packets and result in a DoS by sending a packet larger than the buffer size

“FactoryTalk Linx, in the Rockwell Automation PanelView™ Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk® Linx over the common industrial protocol.” .

The vulnerability impacts FactoryTalk Linx (versions 6.30, 6.20, and prior).

Rockwell Automation published two separate advisories on the flaws respectively on , and . The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also published alerts on the two flaws in  and .

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – hacking, OT)



you might also like

leave a comment