漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
FactoryTalk View Machine Edition Vulnerable to Remote Code Execution
Vulnerability Description
Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Rockwell Automation PanelView Plus 代码问题漏洞
Vulnerability Description
Rockwell Automation PanelView Plus是美国罗克韦尔(Rockwell Automation)公司的一款人机界面(HMI)产品系列。这些 HMI 设备旨在与工业自动化系统集成,为操作员提供控制和监视生产过程的直观界面。PanelView Plus 具有广泛的应用,尤其是在制造业、工业控制和过程控制中。 Rockwell Automation PanelView Plus 存在安全漏洞,该漏洞源于无法正确验证用户的输入,从而允许未经身份验证的攻击者通过精心设计的恶意数据包实现远
CVSS Information
N/A
Vulnerability Type
N/A