Grow Your Business and Join MarketWorld Marketplace and Create Your Own Store front

Saturday, July 6, 2024

Grow Your Business and Join MarketWorld Marketplace and Create Your Own Store front

HomeCyberSecurityMicrosoft warns of elevated risk in Rockwell Automation PanelView Plus CVEs
CyberSecurity

Microsoft warns of elevated risk in Rockwell Automation PanelView Plus CVEs

David Jones
By David Jones
0
6
Microsoft warns of elevated risk in Rockwell Automation PanelView Plus CVEs

Dive Brief:

  • Microsoft researchers on Tuesday warned that critical vulnerabilities in Rockwell Automation PanelView Plus can be exploited by unauthenticated hackers, putting the devices at risk for remote code execution and denial of service. The vulnerabilities were initially disclosed and patched in late 2023.
  • PanelView Plus devices are human-machine interfaces that are widely used in industrial settings, and malicious control of these devices can lead to disruptive attacks. The remote code execution vulnerability,  listed as CVE-2023-2071, has a CVSS score of 9.8. The denial of service vulnerability, listed as CVE-2023-29464, has a CVSS score of 8.2. 
  • Microsoft initially discovered the vulnerabilities and shared its findings with Rockwell Automation in May and July 2023. Rockwell Automation released security advisories and patches for the CVEs in September and October 2023. Microsoft researchers urged users to patch and apply other mitigation steps. 

Dive Insight:

The remote code execution vulnerability in PanelView Plus involves two custom classes that can be abused to upload a malicious dynamic link library to the device, according to Microsoft. The denial of service vulnerability also abuses the custom class, however in this case a crafted buffer is sent. The device cannot handle the uploaded buffer, leading to the denial of service. 

The Microsoft Defender for IoT research team found what they describe as a suspicious remote registry query. Two devices were communicating using the common industrial protocol, however researchers noticed a lack of encryption and a lack of prior authentication. 

“Further investigation revealed that the requesting device was an engineering workstation and the responding device was an [human-machine interface] – specifically PanelView Plus,” researchers said in the blog. 

Yuval Gordon, a security researcher at Microsoft, is credited with discovering the vulnerabilities. 

Active exploitation of the vulnerabilities has not be confirmed. Federal officials previously urged industrial providers to strengthen cyber hygiene practices, as hacktivists have been targeting human-machine interfaces against critical infrastructure and other targets with weak passwords and no multifactor authentication. 

Rockwell Automation in May urged customers to disconnect from the internet, citing heightened geopolitical tensions. The public warning included references to several CVEs, including several related to the FactoryTalk Service Platform. 

A spokesperson for Rockwell said the company could not provide comment on the disclosures.


Source link

Bookmark (0)
Previous article
WH responds to report Biden told ally he’s weighing dropping out of race
Next article
Biden’s struggle to remember key Cabinet official’s name left allies ‘shaken up’: report
David Jones
David Jones
RELATED ARTICLES
- Advertisment -spot_img

Most Popular

Load more

Sponsored Business

- Advertisment -spot_img

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY

Market World’s portal of services include news, marketing, development and ecommerce. We strive to meet the needs and provide high value for all visitors and customers. We offer digital services for small, mid-sized and large enterprise platforms. We treat our customers as partners and offer the tools and services for growth and success for your journey.

Become a Market World Entrepreneur

FOLLOW US              

© 2022 Market World LLC. All rights reserved