Security Alert: New Vulnerabilities Discovered in Industrial Control Systems

A recent investigation has uncovered significant security flaws in Rockwell Automation PanelView Plus, as reported by Microsoft. These vulnerabilities could potentially be exploited by malicious actors to execute harmful code and initiate denial-of-service attacks without the need for authentication.

The first vulnerability involves exploiting specific custom classes within PanelView Plus to upload and execute a malicious DLL, enabling remote code execution. Meanwhile, the second flaw leverages a similar class to send a manipulated buffer, causing the device to malfunction and leading to a denial-of-service situation.

One of the identified vulnerabilities, assigned CVE-2023-2071, permits remote code execution through maliciously crafted packets. The other flaw, designated CVE-2023-29464, allows threat actors to extract data from the device’s memory and trigger a DoS by sending a packet larger than the system can handle.

These security gaps, affecting FactoryTalk View Machine Edition and FactoryTalk Linx, were officially addressed by Rockwell Automation in September and October of 2023. This development underscores the ongoing risks associated with industrial control systems and emphasizes the importance of prompt patching and security updates to mitigate potential cyber threats.

FAQ Section:

1. What are the security flaws uncovered in Rockwell Automation PanelView Plus?
The investigation revealed vulnerabilities that could be exploited for remote code execution and denial-of-service attacks without authentication.

2. How could malicious actors exploit these vulnerabilities?
By uploading and executing a malicious DLL through specific custom classes within PanelView Plus, or by sending a manipulated buffer to cause a denial-of-service situation.

3. What are the CVE identifiers assigned to the identified vulnerabilities?
CVE-2023-2071 permits remote code execution through maliciously crafted packets, while CVE-2023-29464 allows data extraction and denial-of-service attacks by overloading the system with a packet larger than it can handle.

4. Which Rockwell Automation products are affected by these security flaws?
FactoryTalk View Machine Edition and FactoryTalk Linx were impacted by the security gaps.

5. When were these vulnerabilities officially addressed by Rockwell Automation?
The vulnerabilities were patched in September and October of 2023, highlighting the importance of timely security updates.

Key Terms:

Remote Code Execution (RCE): A security vulnerability that allows an attacker to execute arbitrary code on a target system.

Denial-of-Service (DoS): An attack that disrupts the normal functioning of a system by overwhelming it with a flood of illegitimate requests or data.

Buffer: A temporary storage area within a device’s memory that holds data during input/output operations.

The source of the article is from the blog be3.sk

Martin Baláž