Microsoft has identified two critical vulnerabilities in Rockwell Automation’s PanelView Plus that allow remote, unauthenticated attackers to execute arbitrary code and cause a denial-of-service (DoS) condition. Researcher Yuval Gordon explained that the remote code execution flaw exploits custom classes to upload malicious DLLs, while the DoS vulnerability involves sending a crafted buffer that the device cannot handle, crashing the system.
The vulnerabilities, CVE-2023-2071 and CVE-2023-29464, carry CVSS scores of 9.8 and 8.2, respectively, and involve improper input validation. CVE-2023-2071 affects FactoryTalk View Machine Edition versions 13.0, 12.0, and earlier and allows remote code execution. CVE-2023-29464 affects FactoryTalk Linx versions 6.30, 6.20, and earlier and allows an attacker to read data from memory and cause a DoS through oversized packets.
Rockwell Automation issued advisories on September 12 and October 12, 2023, with CISA alerts following on September 21 and October 17.
Separately, threat actors are exploiting a critical HTTP File Server flaw (CVE-2024-23692, CVSS score: 9.8) to deliver cryptocurrency miners and trojans such as Xeno RAT, Gh0st RAT, and PlugX. The flaw is a template injection that allows remote command execution via crafted HTTP requests.


