Severity:
Critical
Advisory ID:
PN1623
Published Date:
May 11, 2023
Last Updated:
May 11, 2023
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2019-16748,
CVE-2020-36177
Summary
PanelView™ 800 – Remote Code Execution Vulnerabilities
Revision History
Revision Number
1.0
Revision History
Version 1.0 - May 11, 2023
Affected Products
| Affected Product | First Known in Software Version | Corrected in Software Version |
| PanelView™ 800 - 2711R-T4T | V5.011 | V8.011 |
| PanelView™ 800 - 2711R-T7T | V5.011 | V8.011 |
| PanelView™ 800 - 2711R-T10T | V5.011 | V8.011 |
Vulnerability Details
Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.
CVE-2020-36177 IMPACT
RsaPad_PSS in WolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. This is utilized in the PanelView™ 800 and could allow an attacker to accomplish a heap buffer overflow if the user has the email feature enabled in the project file where WolfSSL is used. This feature is disabled by default.
Known Exploited Vulnerability (KEV) database:
CVE-2019-16748 IMPACT
In WolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature ex in wolfcrypt/src/asn.c. WolfSSL is utilized in the PanelView™ 800 and could allow an attacker to accomplish a heap buffer overflow if the user has the email feature enabled in the project file where WolfSSL is used. This feature is disabled by default.
Known Exploited Vulnerability (KEV) database:
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
CVE-2020-36177 IMPACT
RsaPad_PSS in WolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. This is utilized in the PanelView™ 800 and could allow an attacker to accomplish a heap buffer overflow if the user has the email feature enabled in the project file where WolfSSL is used. This feature is disabled by default.
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787 Out-Of-Bounds WriteKnown Exploited Vulnerability (KEV) database:
NoCVE-2019-16748 IMPACT
In WolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature ex in wolfcrypt/src/asn.c. WolfSSL is utilized in the PanelView™ 800 and could allow an attacker to accomplish a heap buffer overflow if the user has the email feature enabled in the project file where WolfSSL is used. This feature is disabled by default.
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125 Out-Of-Bounds ReadKnown Exploited Vulnerability (KEV) database:
NoCustomers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
Risk Mitigation & User Action
Customers using the affected software are encouraged to apply the risk mitigations, if possible.
- Upgrade to V8.011 which has been patched to mitigate these issues.
- Ensure that the email feature is disabled (This is disabled by default).
- For information on how to mitigate Security Risks on industrial automation control systems (IACS) networks see the following publications:
- Additionally, we encourage the customer to implement our QA43240 - Recommended Security Guidelines from Rockwell Automation to minimize risk of vulnerability.
Additional Resources
Copyright ©2022 Rockwell Automation, Inc.