cnvd - cnvd-2025-00304

cnvd-2025-00304

Vulnerability from cnvd

Title: Rockwell Automation PanelView Plus代码问题漏洞

Description:

Rockwell Automation PanelView Plus是美国罗克韦尔（Rockwell Automation）公司的一款人机界面（HMI）产品系列。这些 HMI 设备旨在与工业自动化系统集成，为操作员提供控制和监视生产过程的直观界面。PanelView Plus 具有广泛的应用，尤其是在制造业、工业控制和过程控制中。

Rockwell Automation PanelView Plus 存在安全漏洞，该漏洞源于无法正确验证用户的输入，未经身份验证的攻击者可利用该漏洞通过精心设计的恶意数据包实现远程执行代码。

Severity: 高

Patch Name: Rockwell Automation PanelView Plus代码问题漏洞的补丁

Patch Description:

Rockwell Automation PanelView Plus 存在安全漏洞，该漏洞源于无法正确验证用户的输入，未经身份验证的攻击者可利用该漏洞通过精心设计的恶意数据包实现远程执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已提供漏洞修复方案，请关注厂商主页更新： https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140724

Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-2071

Impacted products

Name
['Rockwell Automation FactoryTalk View <=13.0', 'rockwellautomation panelview plus']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-2071",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-2071"
    }
  },
  "description": "Rockwell Automation PanelView Plus\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u4ea7\u54c1\u7cfb\u5217\u3002\u8fd9\u4e9b HMI \u8bbe\u5907\u65e8\u5728\u4e0e\u5de5\u4e1a\u81ea\u52a8\u5316\u7cfb\u7edf\u96c6\u6210\uff0c\u4e3a\u64cd\u4f5c\u5458\u63d0\u4f9b\u63a7\u5236\u548c\u76d1\u89c6\u751f\u4ea7\u8fc7\u7a0b\u7684\u76f4\u89c2\u754c\u9762\u3002PanelView Plus \u5177\u6709\u5e7f\u6cdb\u7684\u5e94\u7528\uff0c\u5c24\u5176\u662f\u5728\u5236\u9020\u4e1a\u3001\u5de5\u4e1a\u63a7\u5236\u548c\u8fc7\u7a0b\u63a7\u5236\u4e2d\u3002\n\nRockwell Automation PanelView Plus \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u65e0\u6cd5\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u7684\u8f93\u5165\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u6076\u610f\u6570\u636e\u5305\u5b9e\u73b0\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140724",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-00304",
  "openTime": "2025-01-03",
  "patchDescription": "Rockwell Automation PanelView Plus\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u4ea7\u54c1\u7cfb\u5217\u3002\u8fd9\u4e9b HMI \u8bbe\u5907\u65e8\u5728\u4e0e\u5de5\u4e1a\u81ea\u52a8\u5316\u7cfb\u7edf\u96c6\u6210\uff0c\u4e3a\u64cd\u4f5c\u5458\u63d0\u4f9b\u63a7\u5236\u548c\u76d1\u89c6\u751f\u4ea7\u8fc7\u7a0b\u7684\u76f4\u89c2\u754c\u9762\u3002PanelView Plus \u5177\u6709\u5e7f\u6cdb\u7684\u5e94\u7528\uff0c\u5c24\u5176\u662f\u5728\u5236\u9020\u4e1a\u3001\u5de5\u4e1a\u63a7\u5236\u548c\u8fc7\u7a0b\u63a7\u5236\u4e2d\u3002\r\n\r\nRockwell Automation PanelView Plus \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u65e0\u6cd5\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u7684\u8f93\u5165\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u6076\u610f\u6570\u636e\u5305\u5b9e\u73b0\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rockwell Automation PanelView Plus\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Rockwell Automation FactoryTalk View \u003c=13.0",
      "rockwellautomation panelview plus"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-2071",
  "serverity": "\u9ad8",
  "submitTime": "2023-09-20",
  "title": "Rockwell Automation PanelView Plus\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2023-2071 (GCVE-0-2023-2071)

Vulnerability from cvelistv5

Published

2023-09-12 13:12

Modified

2024-09-25 20:05

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation

Summary

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.

References

▼	URL	Tags
	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140724

Impacted products

	Vendor	Product	Version
	Rockwell Automation	Fa	Version: <=13.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:12:19.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140724"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2071",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T20:05:40.334404Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T20:05:52.107Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Fa",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=13.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": " Rockwell Automation would like to thank Yuval Gordon, CPS Research, and the Microsoft Threat Intelligence Community for reporting this vulnerability to us."
        }
      ],
      "datePublic": "2023-09-12T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user\u2019s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. \u0026nbsp;The device has the functionality, through a CIP class, to execute exported functions from libraries. \u0026nbsp;There is a routine that restricts it to execute specific functions from two dynamic link library files. \u0026nbsp;By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nRockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user\u2019s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. \u00a0The device has the functionality, through a CIP class, to execute exported functions from libraries. \u00a0There is a routine that restricts it to execute specific functions from two dynamic link library files. \u00a0By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-641",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-641 DLL Side-Loading"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-12T13:12:42.386Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140724"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cul\u003e\u003cli\u003eInstall the security patches for the respective versions referencing \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139946\"\u003eBF29493 - Patch: FactoryTalk Linx CIP Vulnerability issue, FactoryTalk View ME 12.0, 13.0\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\n  *  Install the security patches for the respective versions referencing  BF29493 - Patch: FactoryTalk Linx CIP Vulnerability issue, FactoryTalk View ME 12.0, 13.0 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139946 .\n\n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "FactoryTalk View Machine Edition Vulnerable to Remote Code Execution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2023-2071",
    "datePublished": "2023-09-12T13:12:42.386Z",
    "dateReserved": "2023-04-14T18:04:01.758Z",
    "dateUpdated": "2024-09-25T20:05:52.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted