Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FactoryTalk View Machine Edition Vulnerable to Remote Code Execution
Vulnerability Description
Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Rockwell Automation PanelView Plus 代码问题漏洞
Vulnerability Description
Rockwell Automation PanelView Plus是美国罗克韦尔(Rockwell Automation)公司的一款人机界面(HMI)产品系列。这些 HMI 设备旨在与工业自动化系统集成,为操作员提供控制和监视生产过程的直观界面。PanelView Plus 具有广泛的应用,尤其是在制造业、工业控制和过程控制中。 Rockwell Automation PanelView Plus 存在安全漏洞,该漏洞源于无法正确验证用户的输入,从而允许未经身份验证的攻击者通过精心设计的恶意数据包实现远
CVSS Information
N/A
Vulnerability Type
N/A