Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS).
The RCE vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device. The DoS vulnerability takes advantage of the same custom class to send a crafted buffer that the device is unable to handle properly, thus leading to a DoS. PanelView Plus devices are graphic terminals, also known as human machine interface (HMI) and are used in the industrial space.
Read more…
Source: Microsoft
Related:
- Working Windows and Linux Spectre exploits found on VirusTotal
March 1, 2021
Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. The vulnerability was unveiled as a hardware bug in January 2018 by Google Project Zero researchers. If successfully exploited on vulnerable systems, it can be used by attackers to steal sensitive data, including ...
- Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall
March 1, 2021
Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. If exploited, the vulnerability could allow local attackers to bypass authentication measures and log in to internal company networks with the highest level of privileges. Genua says it offers more than 20 security solutions for encrypting data communication ...
- Cisco Warns of Critical Auth-Bypass Security Flaw
February 25, 2021
A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication. The vulnerability is one of three critical flaws fixed by Cisco on this week. It exists in Cisco’s ACI Multi-Site Orchestrator (ACI MSO) — this is Cisco’s management software for businesses, which allows them to monitor the health ...
- CISA Alert (AA21-055A): Exploitation of Accellion File Transfer Appliance
February 24, 2021
This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the ...
- Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11
February 22, 2021
Researchers have identified a set of threat actors (dubbed UNC2546 and UNC2582) with connections to the FIN11 and the Clop ransomware gang as the cybercriminal group behind the global zero-day attacks on users of the Accellion legacy File Transfer Appliance product. Multiple Accellion FTA customers, including the Jones Day Law Firm, Kroger and Singtel, have all ...
- Chinese hackers cloned attack tool belonging to NSA’s Equation Group
February 22, 2021
Chinese threat actors “cloned” and used a Windows zero-day exploit stolen from the NSA’s Equation Group for years before the privilege escalation flaw was patched, researchers say. On Monday, Check Point Research (CPR) said the tool was a “clone” of software developed by the US National Security Agency (NSA)’s Equation Group, identified by FireEye in 2015 ...