CVE-2023-29464
published 2023-10-13CVE-2023-29464: FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets…
PriorityP357critical9.1CVSS 3.1
AVNACLPRNUINSUCHINAH
EPSS
9.60%
94.9th percentile
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_linx | — | — |
| rockwell_automation | factorytalk_linx | — | — |
| rockwellautomation | factorytalk_linx | — | — |
| rockwellautomation | factorytalk_linx | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Rockwell Automation FactoryTalk Linx
cisa_ics·2023-10-17·CVSS 8.2
[HIGH] Rockwell Automation FactoryTalk Linx
ICS Advisory
##
Rockwell Automation FactoryTalk Linx
Release DateOctober 17, 2023
Alert CodeICSA-23-290-02
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk Linx
- Vulnerability: Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to information disclosure or a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Rockwell products are affected:
- FactoryTalk Linx: v6.20 and prior
## 3.2 Vulnerability Overview
3.2.1 IMPROPER INPUT VALIDATION CWE-20
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat
GHSA
GHSA-4v9x-wfx7-57r9: FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious pac
ghsa_unreviewed·2023-10-13
CVE-2023-29464 [CRITICAL] CWE-20 GHSA-4v9x-wfx7-57r9: FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious pac
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.
No detection rules found.
No public exploits indexed.
2023-10-13
Published