CVE-2023-2071

Name of the Vulnerable Software and Affected Versions Rockwell Automation FactoryTalk View Machine Edition (affected versions not specified)

Description The issue arises from improper verification of user input, allowing an unauthenticated attacker to achieve remote code execution via crafted malicious packets. The device has the functionality to execute exported functions from libraries through a CIP class. A routine restricts the execution of specific functions from two dynamic link library files. However, an attacker can upload a self-made library to the device using a CIP class, bypassing the security check and executing any code written in the function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.