InfoSecBulletin Cybersecurity for mankind
Microsoft’s cybersecurity team found two major vulnerabilities in Rockwell Automation’s PanelView Plus, a widely used human-machine interface in industrial settings.
There are two vulnerabilities, CVE-2023-2071 and CVE-2023-29464, that can be used by attackers without authentication. They can use these vulnerabilities for remote code execution (RCE) and denial-of-service (DoS) attacks.
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
The RCE vulnerability in PanelView Plus can be exploited to upload a malicious DLL and run unauthorized code on the device. The DoS vulnerability, on the other hand, crashes the device by sending a crafted buffer it can’t handle.
Microsoft issued a warning on Tuesday about the serious risk that vulnerabilities in these devices pose to organizations that use them for important processes. These vulnerabilities could allow unauthorized remote control and disruption of critical operations.
Microsoft’s Defender for IoT research team noticed communication between two devices using the Common Industrial Protocol (CIP) during the discovery process.
After more research, a remote registry query function was found in the HMI, particularly the PanelView Plus. This led to the team speculating about possible vulnerabilities that could be used to access sensitive system keys or take control of the device.
Researchers found DLLs in the PanelView Plus firmware for processing CIP class IDs. They discovered that one DLL could be used to upload and run malicious DLL files, confirming their theory about remote-control vulnerabilities.
In May and July 2023, Microsoft shared these findings with Rockwell Automation through its Coordinated Vulnerability Disclosure (CVD) program. Rockwell responded by issuing security patches and advisories in September and October 2023.
Microsoft encourages all PanelView Plus users to apply these patches as soon as possible to reduce potential risks.
Microsoft recommends disconnecting critical devices such as PLCs, routers, and PCs from the internet and segregating them, regardless of whether they use Rockwell’s FactoryTalk View. They also suggest limiting access to CIP devices only to authorized components to enhance overall security measures.
