InfoSecBulletin Cybersecurity for mankind
Microsoft’s cybersecurity team found two major vulnerabilities in Rockwell Automation’s PanelView Plus, a widely used human-machine interface in industrial settings.
There are two vulnerabilities, CVE-2023-2071 and CVE-2023-29464, that can be used by attackers without authentication. They can use these vulnerabilities for remote code execution (RCE) and denial-of-service (DoS) attacks.
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
SSL.com’s domain validation system’s bug found: Hacker exploited
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Hackers Exploit Zoom’s Remote Control Feature for System Access
The RCE vulnerability in PanelView Plus can be exploited to upload a malicious DLL and run unauthorized code on the device. The DoS vulnerability, on the other hand, crashes the device by sending a crafted buffer it can’t handle.
Microsoft issued a warning on Tuesday about the serious risk that vulnerabilities in these devices pose to organizations that use them for important processes. These vulnerabilities could allow unauthorized remote control and disruption of critical operations.
Microsoft’s Defender for IoT research team noticed communication between two devices using the Common Industrial Protocol (CIP) during the discovery process.
After more research, a remote registry query function was found in the HMI, particularly the PanelView Plus. This led to the team speculating about possible vulnerabilities that could be used to access sensitive system keys or take control of the device.
Researchers found DLLs in the PanelView Plus firmware for processing CIP class IDs. They discovered that one DLL could be used to upload and run malicious DLL files, confirming their theory about remote-control vulnerabilities.
In May and July 2023, Microsoft shared these findings with Rockwell Automation through its Coordinated Vulnerability Disclosure (CVD) program. Rockwell responded by issuing security patches and advisories in September and October 2023.
Microsoft encourages all PanelView Plus users to apply these patches as soon as possible to reduce potential risks.
Microsoft recommends disconnecting critical devices such as PLCs, routers, and PCs from the internet and segregating them, regardless of whether they use Rockwell’s FactoryTalk View. They also suggest limiting access to CIP devices only to authorized components to enhance overall security measures.
