Industrial sector organizations have been urged by Microsoft to immediately remediate a pair of vulnerabilities impacting Rockwell Automation PanelView Plus devices, SC Media reports.
The more severe of the bugs is a critical remote code execution flaw, tracked as CVE-2023-2071, which could be exploited to enable malicious DLL injections. The high-severity denial-of-service issue, tracked as CVE-2023-29464, could be used to overload devices with a crafted buffer, according to Microsoft, which emphasized the importance of implementing the fixes issued last fall amid persistent cyber threats against critical infrastructure.
Such security issues should prompt critical infrastructure organizations to bolster physical asset security management via remote access point mapping, robust passwords, multi-factor authentication, and stringent access configurations, said DeNexus Chief Marketing Officer Isabelle Dumont. "Remote access to industrial environments by a third-party for maintenance has often been flagged as a weakness in cybersecurity programs and is heavily targeted by threat actors as an easy entry point," Dumont added.