Loading

PN1647 | PanelView™ 800 Vulnerable to CVE-2017-12652

Severity:
Critical
Advisory ID:
PN1647
Published Date:
October 05, 2023
Last Updated:
October 05, 2023
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2017-12652
Summary
PanelView™ 800 Vulnerable to CVE-2017-12652

Revision History

Revision Number

1.0

Revision History

Version 1.0 - September 19, 2023

Executive Summary

The security of our products is important to us as your chosen industrial automation supplier.  This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improve their business or production environments.

Affected Products

Affected Product First Known in firmware revision Corrected in firmware revision
2711R-T10T v3.011 v6.011
2711R-T7T
2711R-T4T

Vulnerability Details

An input/output validation vulnerability exists in a third-party component that the PanelView™ 800 utilizes. Libpng, which is PNG’s reference library, version 1.6.32 and earlier does not properly check the length of chunks against the user limit. Libpng versions prior to 1.6.32 are susceptible to a vulnerability which, when successfully exploited, could potentially lead to a disclosure of sensitive information, addition or modification of data, or a denial-of-service condition.
Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.

CVSS Base Score: 9.8/10
CVSS Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: 20 – Improper Input Validation

Known Exploited Vulnerability (KEV) database:  No

Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
 

Risk Mitigation & User Action

Customers using the affected software are encouraged to apply risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.

  • Update to v6.011 or later that mitigates the issue.
  • Implement QA43240 - Recommended Security Guidelines from Rockwell Automation.

Additional Resources

  • JSON CVE- 2017-12652
Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left United Kingdom Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Please update your cookie preferences to continue.
This feature requires cookies to enhance your experience. Please update your preferences to allow for these cookies:
  • Social Media Cookies
  • Functional Cookies
  • Performance Cookies
  • Marketing Cookies
  • All Cookies
You can update your preferences at any time. For more information please see our Privacy Policy
CloseClose