InfoSecBulletin Cybersecurity for mankind
Microsoft’s cybersecurity team found two major vulnerabilities in Rockwell Automation’s PanelView Plus, a widely used human-machine interface in industrial settings.
There are two vulnerabilities, CVE-2023-2071 and CVE-2023-29464, that can be used by attackers without authentication. They can use these vulnerabilities for remote code execution (RCE) and denial-of-service (DoS) attacks.
Renew Dubai visa within minutes with AI-powered Salama
CVE-2024-20953
CISA Flags Oracle Agile PLM Actively Exploited Security Flaw
Stablecoin Bank Hacked – Hackers Stolen $49.5M
CVE-2025-20029
PoC Exploit Released for F5 BIG-IP Command Injection Vuln
By 1 April 2025
Australia Bans Kaspersky on its govt systems and devices
CISA Flags Craft CMS Code Injection Flaw Amid Active Attacks
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
The RCE vulnerability in PanelView Plus can be exploited to upload a malicious DLL and run unauthorized code on the device. The DoS vulnerability, on the other hand, crashes the device by sending a crafted buffer it can’t handle.
Microsoft issued a warning on Tuesday about the serious risk that vulnerabilities in these devices pose to organizations that use them for important processes. These vulnerabilities could allow unauthorized remote control and disruption of critical operations.
Microsoft’s Defender for IoT research team noticed communication between two devices using the Common Industrial Protocol (CIP) during the discovery process.
After more research, a remote registry query function was found in the HMI, particularly the PanelView Plus. This led to the team speculating about possible vulnerabilities that could be used to access sensitive system keys or take control of the device.
Researchers found DLLs in the PanelView Plus firmware for processing CIP class IDs. They discovered that one DLL could be used to upload and run malicious DLL files, confirming their theory about remote-control vulnerabilities.
In May and July 2023, Microsoft shared these findings with Rockwell Automation through its Coordinated Vulnerability Disclosure (CVD) program. Rockwell responded by issuing security patches and advisories in September and October 2023.
Microsoft encourages all PanelView Plus users to apply these patches as soon as possible to reduce potential risks.
Microsoft recommends disconnecting critical devices such as PLCs, routers, and PCs from the internet and segregating them, regardless of whether they use Rockwell’s FactoryTalk View. They also suggest limiting access to CIP devices only to authorized components to enhance overall security measures.
