{"id":134874,"date":"2024-07-02T09:00:00","date_gmt":"2024-07-02T16:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=134874"},"modified":"2024-07-30T03:43:15","modified_gmt":"2024-07-30T10:43:15","slug":"vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/07\/02\/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution\/","title":{"rendered":"Vulnerabilities in PanelView Plus devices could lead to remote code execution"},"content":{"rendered":"\n
<p>Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). The RCE vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device. The DoS vulnerability takes advantage of the same custom class to send a crafted buffer that the device is unable to handle properly, thus leading to a DoS.<\/p>\n\n\n\n
<p>PanelView Plus devices are graphic terminals, also known as human machine interfaces (HMIs), and are used in the industrial space. These vulnerabilities can significantly impact organizations using the affected devices, as attackers could exploit them to remotely execute code and disrupt operations.<\/p>\n\n\n\n
<p>We shared these findings with Rockwell Automation through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in May and July 2023. Rockwell published two advisories and released security patches in September and October 2023. We want to thank the Rockwell Automation product security team for their responsiveness in fixing these issues. We highly recommend that PanelView Plus customers apply these security patches.<\/p>\n\n\n\n<p>The discovered vulnerabilities are summarized in the table below:<\/p>\n\n\n\n<figure><table><thead><tr><th>CVE ID<\/th><th>CVSS Score<\/th><th>Vulnerability<\/th><\/tr><\/thead><tbody><tr><td>CVE-2023-2071<\/td><td>9.8<\/td><td>Remote code execution (RCE)<\/td><\/tr><tr><td>CVE-2023-29464<\/td><td>8.2<\/td><td>DoS via out-of-bounds read<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>In this blog post, we focus on the technical details of the CVE-2023-2071 remote code execution vulnerability and how it was discovered, provide an overview of the protocol used for both the RCE and DoS vulnerabilities, and demonstrate the exploitation method. By sharing this research with the larger security community, we aim to emphasize the importance of collaboration in the effort to secure platforms and devices.<\/p>\n\n\n\n<h2>Suspicious remote registry query<\/h2>\n\n\n