
Microsoft Discovers Severe Vulnerabilities in Rockwell Automation Devices

  • Last updated July 9, 2024

Microsoft finds severe vulnerabilities in Rockwell devices, urging immediate security updates to prevent remote code execution and DoS attacks.

Microsoft has uncovered two significant vulnerabilities in Rockwell Automation’s PanelView Plus devices, which could allow unauthenticated attackers to execute remote code and initiate denial-of-service (DoS) attacks.

These vulnerabilities, CVE-2023-2071 and CVE-2023-29464, expose critical security gaps in industrial automation systems.

The first vulnerability (CVE-2023-2071) has a CVSS score of 9.8 and involves exploiting custom classes within the device to upload and execute a malicious DLL, effectively giving attackers remote control.

The second vulnerability (CVE-2023-29464), with a CVSS score of 8.2, allows attackers to send a crafted buffer that crashes the system.

A Microsoft spokesperson said:

Microsoft’s Security Vulnerability Research (MSVR) team discovered these vulnerabilities and shared their findings with Rockwell Automation in May and July 2023. Rockwell Automation responded promptly, releasing security patches in September and October 2023.

The identified vulnerabilities can be mitigated by applying the latest security patches, specifically PN1645 and PN1652, ensuring proper network segmentation, and limiting access to authorized components only.

Microsoft also recommends using its scanning tool for Rockwell RSLogix devices, which is available on GitHub. This discovery underscores the importance of continuously monitoring and updating security measures in industrial systems to safeguard against evolving cyber threats.

As the digital landscape becomes increasingly complex, proactive and collaborative efforts in cybersecurity are essential for maintaining the integrity and security of critical infrastructure.

