InfoSecBulletin Cybersecurity for mankind
Microsoft’s cybersecurity team found two major vulnerabilities in Rockwell Automation’s PanelView Plus, a widely used human-machine interface in industrial settings.
There are two vulnerabilities, CVE-2023-2071 and CVE-2023-29464, that can be used by attackers without authentication. They can use these vulnerabilities for remote code execution (RCE) and denial-of-service (DoS) attacks.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
The RCE vulnerability in PanelView Plus can be exploited to upload a malicious DLL and run unauthorized code on the device. The DoS vulnerability, on the other hand, crashes the device by sending a crafted buffer it can’t handle.
Microsoft issued a warning on Tuesday about the serious risk that vulnerabilities in these devices pose to organizations that use them for important processes. These vulnerabilities could allow unauthorized remote control and disruption of critical operations.
Microsoft’s Defender for IoT research team noticed communication between two devices using the Common Industrial Protocol (CIP) during the discovery process.
After more research, a remote registry query function was found in the HMI, particularly the PanelView Plus. This led to the team speculating about possible vulnerabilities that could be used to access sensitive system keys or take control of the device.
Researchers found DLLs in the PanelView Plus firmware for processing CIP class IDs. They discovered that one DLL could be used to upload and run malicious DLL files, confirming their theory about remote-control vulnerabilities.
In May and July 2023, Microsoft shared these findings with Rockwell Automation through its Coordinated Vulnerability Disclosure (CVD) program. Rockwell responded by issuing security patches and advisories in September and October 2023.
Microsoft encourages all PanelView Plus users to apply these patches as soon as possible to reduce potential risks.
Microsoft recommends disconnecting critical devices such as PLCs, routers, and PCs from the internet and segregating them, regardless of whether they use Rockwell’s FactoryTalk View. They also suggest limiting access to CIP devices only to authorized components to enhance overall security measures.
