Rockwell Automation FactoryTalk Linx Vulnerable to Denial-of-Service and Information Disclosure
CVE-2023-29464

9.1CRITICAL

Key Information:

Vendor: Rockwell Automation
Status: FactoryTalk Linx
Vendor: CVE Published:; 13 October 2023

Badges

📰 News Worthy

Summary

The vulnerability in Rockwell Automation's FactoryTalk Linx, utilized in both PanelView Plus 6 and 7, enables unauthenticated attackers to exploit crafted malicious packets. This exploitation allows unauthorized reading of memory data, leading to potential information leaks. Furthermore, if the size of the malicious packets exceeds the allowable buffer size, it can cause the communication over the common industrial protocol to freeze, resulting in a denial of service for FactoryTalk Linx applications. This issue underscores the importance of securing industrial control systems against unauthorized access.

Affected Version(s)

FactoryTalk Linx 6.20

FactoryTalk Linx 6.30

News Articles

SecurityLab.ru

CVE-2023-2071 CVE-2023-29464

Ахиллесова пята индустрии: ошибки в сердце АСУ ТП

Бездействие администраторов может привести к параличу производства.

References

https://rockwellautomation.custhelp.com/app/answers/answe...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by SecurityLab.ru
Jul 5, 2024
Vulnerability published
Oct 13, 2023
Vulnerability Reserved
Apr 6, 2023

Credit

Rockwell Automation would like to thank Yuval Gordon, CPS Research, Microsoft Threat Intelligence Community for reporting this vulnerability to us.

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Ахиллесова пята индустрии: ошибки в сердце АСУ ТП

References

CVSS V3.1

Timeline

Credit