Loading

PN1647 | PanelView™ 800 Vulnerable to CVE-2017-12652

Severity:
Critical
Advisory ID:
PN1647
게시한 날짜:
October 05, 2023
최근 업데이트:
October 05, 2023
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
아니요
Corrected:
아니요
Workaround:
아니요
CVE IDs
CVE-2017-12652
요약
PanelView™ 800 Vulnerable to CVE-2017-12652

Revision History

Revision Number

1.0

Revision History

Version 1.0 - September 19, 2023

Executive Summary

The security of our products is important to us as your chosen industrial automation supplier.  This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improve their business or production environments.

Affected Products

Affected Product First Known in firmware revision Corrected in firmware revision
2711R-T10T v3.011 v6.011
2711R-T7T
2711R-T4T

Vulnerability Details

An input/output validation vulnerability exists in a third-party component that the PanelView™ 800 utilizes. Libpng, which is PNG’s reference library, version 1.6.32 and earlier does not properly check the length of chunks against the user limit. Libpng versions prior to 1.6.32 are susceptible to a vulnerability which, when successfully exploited, could potentially lead to a disclosure of sensitive information, addition or modification of data, or a denial-of-service condition.
Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.

CVSS Base Score: 9.8/10
CVSS Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: 20 – Improper Input Validation

Known Exploited Vulnerability (KEV) database:  No

Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
 

Risk Mitigation & User Action

Customers using the affected software are encouraged to apply risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.

  • Update to v6.011 or later that mitigates the issue.
  • Implement QA43240 - Recommended Security Guidelines from Rockwell Automation.

Additional Resources

  • JSON CVE- 2017-12652
Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation 홈 Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
계속 진행하기 위해 쿠키 설정을 업데이트하십시오..
この機能には、お客様の利便性を向上させるためにクッキーが必要です。これらのクッキーを許可するように設定を更新してください:
  • 소셜 미디어 쿠키
  • 기능 쿠키
  • 성능 쿠키
  • 마케팅 쿠키
  • 모든 쿠키
귀하는 쿠키 설정을 언제든지 변경할 수 있습니다. 자세한 내용은 이곳에서 확인하십시오. {0} 개인 정보 보호 정책
CloseClose