ID

VAR-202309-2171


CVE

CVE-2023-2071


TITLE

Rockwell Automation PanelView Plus Code Issue Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-00304

DESCRIPTION

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. A routine restricts this to executing specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device, which allows the attacker to bypass the security check and execute any code written in the function.

Rockwell Automation PanelView Plus is a human-machine interface (HMI) product line from Rockwell Automation. These HMI devices are designed to integrate with industrial automation systems to provide operators with an intuitive interface to control and monitor production processes. PanelView Plus has a wide range of applications, especially in manufacturing, industrial control, and process control.

Trust: 1.44

sources: NVD: CVE-2023-2071 // CNVD: CNVD-2025-00304

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-00304

AFFECTED PRODUCTS

vendor: rockwellautomation, model: factorytalk view, scope: lte, version: 13.0

Trust: 1.0

vendor: rockwell, model: automation factorytalk view, scope: lte, version: <=13.0

Trust: 0.6

vendor: rockwellautomation, model: panelview plus, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-00304 // NVD: CVE-2023-2071

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-2071
value: CRITICAL

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2023-2071
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-00304
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-00304
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-2071
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2025-00304 // NVD: CVE-2023-2071 // NVD: CVE-2023-2071

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: CWE-434

Trust: 1.0

sources: NVD: CVE-2023-2071

PATCH

title: Patch for Rockwell Automation PanelView Plus Code Issue Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/648781

Trust: 0.6

sources: CNVD: CNVD-2025-00304

EXTERNAL IDS

db: NVD, id: CVE-2023-2071

Trust: 1.6

db: CNVD, id: CNVD-2025-00304

Trust: 0.6

sources: CNVD: CNVD-2025-00304 // NVD: CVE-2023-2071

REFERENCES

url: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140724

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2023-2071

Trust: 0.6

sources: CNVD: CNVD-2025-00304 // NVD: CVE-2023-2071

SOURCES

db: CNVD, id: CNVD-2025-00304
db: NVD, id: CVE-2023-2071

LAST UPDATE DATE

2025-01-09T23:11:01.362000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-00304, date: 2025-01-03T00:00:00
db: NVD, id: CVE-2023-2071, date: 2023-09-14T00:45:17.207

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-00304, date: 2025-01-03T00:00:00
db: NVD, id: CVE-2023-2071, date: 2023-09-12T14:15:09.663