Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS).
The RCE vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device. The DoS vulnerability takes advantage of the same custom class to send a crafted buffer that the device is unable to handle properly, thus leading to a DoS. PanelView Plus devices are graphic terminals, also known as human machine interface (HMI) and are used in the industrial space.
Read more…
Source: Microsoft
Related:
- Google Chrome Browser Bug Exposes Billions of Users to Data Theft
August 10, 2020
A vulnerability in Google’s Chromium-based browsers would allow attackers to bypass the Content Security Policy (CSP) on websites, in order to steal data and execute rogue code. The bug (CVE-2020-6519) is found in Chrome, Opera and Edge, on Windows, Mac and Android – potentially affecting billions of web users, according to PerimeterX cybersecurity researcher Gal Weizman. ...
- FBI: Iranian hackers trying to exploit critical F5 BIG-IP flaw
August 8, 2020
The FBI warns of Iranian hackers actively attempting to exploit an unauthenticated remote code execution flaw affecting F5 Big-IP application delivery controller (ADC) devices used by Fortune 500 firms, government agencies, and banks. F5 Networks (F5) released security updates to fix the critical 10/10 CVSSv3 rating F5 Big-IP ADC vulnerability tracked as CVE-2020-5902 on July 3, ...
- Bugs in HDL Automation expose IoT devices to remote hijacking
August 8, 2020
A security researcher discovered vulnerabilities in an automation system for smart homes and buildings that allowed taking over accounts belonging to other users and control associated devices. In a presentation on Saturday at the IoT Village during the DEF CON hacker conference, Barak Sternberg shows how some weak spots in the HDL automation system could have ...
- Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
August 7, 2020
Six serious bugs in Qualcomm’s Snapdragon mobile chipset impact up to 40 percent of Android phones in use, according research released at the DEF CON Safe Mode security conference Friday. The flaws open up handsets made by Google, Samsung, LG, Xiaomi and OnePlus to DoS and escalation-of-privileges attacks – ultimately giving hackers control of targeted handsets. ...
- ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros
August 6, 2020
A new “zero-click” MacOS exploit chain could allow attackers to deliver malware to MacOS users using a Microsoft Office document with macros. The attack bypasses security measures that both Microsoft and Apple have put in place to protect MacOS users from malicious macros. The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at ...
- Hackers can remotely hijack enterprise, healthcare Temi robots
August 6, 2020
Robots used in hospitals and care homes to assist patients and the vulnerable can be fully hijacked by cyberattackers. On Thursday at Black Hat USA, McAfee’s Advanced Threat Research (ATR) team disclosed new research into the robots, in which remotely-exploitable vulnerabilities were uncovered, potentially leading to mobile, audio, and video tampering on the hospital floor. The robot ...