| CVE-2023-29464<\/a><\/gwmw><\/gwmw><\/td> | 8.2<\/td> | DoS via out-of-bounds read<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n <\/gwmw>CVE-2023-2071<\/strong>\u00a0(CVSS score: 9.8) is an improper input validation vulnerability that remote, unauthenticated attackers can exploit to achieve code executed via crafted malicious packets.<\/gwmw><\/p>\n\n\n\n “FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user\u2019s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. \u00a0The device has the functionality, through a CIP class, to execute exported functions from libraries. \u00a0There is a routine that restricts it to execute specific functions from two dynamic link library files.” reads the advisory<\/a>. “By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.”<\/em><\/p>\n\n\n\n The flaw impacts FactoryTalk View Machine Edition (versions 13.0, 12.0, and prior).<\/gwmw><\/p>\n\n\n\n CVE-2023-29464<\/strong>\u00a0(CVSS score: 8.2) is an improper input validation vulnerability that an unauthenticated threat actor can exploit to read data from memory via crafted malicious packets and result in a DoS by sending a packet larger than the buffer size<\/p>\n\n\n\n “FactoryTalk Linx, in the Rockwell Automation PanelView\u2122 Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure.\u00a0If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk\u00ae Linx over the common industrial protocol.” reads the advisory<\/a>.<\/p>\n\n\n\n The vulnerability impacts FactoryTalk Linx (versions 6.30, 6.20, and prior).<\/p>\n\n\n\n Rockwell Automation published two separate advisories on the flaws respectively on\u00a0September 12, 2023<\/a>, and\u00a0October 12, 2023<\/a>. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also published alerts on the two flaws in\u00a0September<\/a>\u00a0and\u00a0October<\/a>.<\/a><\/p>\n\n\n\n Pierluigi Paganini<\/strong><\/a><\/gwmw><\/p>\n\n\n\n Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n (<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, OT)<\/strong><\/p>\n\n\n\n <\/gwmw><\/p>\n","protected":false},"excerpt":{"rendered":" Microsoft discovered two flaws in Rockwell Automation PanelView Plus that remote, unauthenticated attackers could exploit. Microsoft responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that remote, unauthenticated attackers can exploit to perform remote code execution (RCE) and denial-of-service (DoS). The RCE vulnerability in PanelView Plus involves exploiting two custom classes to upload and load […]<\/p>\n","protected":false},"author":1,"featured_media":84473,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,5,10150,55],"tags":[1725,4112,9508,9506,10918,10514,687,4594,15201,841,1533],"class_list":["post-165276","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-hacking","category-ics-scada","category-security","tag-dos","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-ot","tag-pierluigi-paganini","tag-rce","tag-rockwell-automation-panelview-plus","tag-security-affairs","tag-security-news"],"yoast_head":"\n杭州江阴科强工业胶带有限公司 |