Rockwell ControlLogix Exploitation
On September 25th, 2023, Rockwell Automation published a newly discovered “Improper Input Validation” vulnerability (CVE-2023-2071) for their FactoryTalk View Machine Edition software, with a CVSS Severity Base Score of 9.8 (high). The software improperly verifies user’s input, which enables unauthenticated attackers to achieve malicious code execution remotely and with low attack complexity via crafted malicious packets, or by using a self-made library to bypass security checks within FactoryTalk View Machine Edition.
Rockwell Products affected:
- FactoryTalk View Machine Edition: v13.0
- FactoryTalk View Machine Edition: v12.0 and prior
Actions and/or Recommendations
- Determine if CVE-2023-2071 impacts any of your current systems.
- Ensure any projects moving forward are also managing this CVE.
- Engage Mangan Cybersecurity for assistance with impacted systems and networks.
- Update Factory Talk Machine Edition with Rockwell’s v12.0 & v13.0 (Patch)
- Develop & Test monitoring strategy to identify undesired access or activity on the OT/ICS Network.
Mangan Cybersecurity has well established templates and techniques to assist with the above suggestions expediently and effectively.
About REAL Matters and Mangan Inc.
REAL Matters advisories are published to communicate cybersecurity threats and risks within the Operational Technology (OT) environment and where Critical Infrastructure vulnerabilities are identified. The purpose of this newsletter is to inform, propose suggested approaches to mitigate the risk as well as provide feedback on how Mangan Cybersecurity is approaching the issue(s) addressed.
Mangan Inc. is a nationally-recognized Specialty Engineering, Automation, and Integration company, providing a full-range of services to the Oil & Gas, Refining, Pipeline, Chemicals, and Life Sciences Industries. Established in Long Beach, California in 1990, Mangan’s multiple office locations include sites in California, Georgia, New Hampshire, North Carolina, Texas, and Louisiana. Mangan’s 350+ employee-owners bring expertise, innovation, and safety as their core mission to some of the largest companies in the world.