OTPulse

Rockwell Automation PanelView Plus 6 700-1500

Act Now | CVSS 8.6 | ICS-CERT ICSA-17-157-01 | Jun 6, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

PanelView Plus 6 700-1500 touchscreen HMI devices contain an authorization bypass vulnerability (CWE-862) that allows remote attackers to execute arbitrary commands without authentication. The vulnerability affects multiple firmware versions from 6.00 through 8.00 released between 2012 and 2014. Rockwell Automation has not released a patch for any affected version and has classified this device as legacy hardware. Attackers can exploit this remotely over the network with low skill level and no special access requirements.

What this means
What could happen
An attacker with network access to a PanelView Plus 6 touchscreen could execute arbitrary commands on the device, potentially altering process displays, changing equipment setpoints, or disrupting operator visibility and control of critical operations.
Who's at risk
Water utilities, electric utilities, and other municipal operators using PanelView Plus 6 700-1500 touchscreen HMI (Human Machine Interface) devices for process visualization and control. These devices are commonly used in SCADA systems to display real-time operational data and allow operators to control pumps, motors, generators, and other critical equipment.
How it could be exploited
An attacker sends a specially crafted network request to the PanelView Plus 6 device without authentication. The device fails to properly validate the request (CWE-862: missing authorization), allowing the attacker to execute commands or access functionality intended only for authorized users.
Prerequisites
  • Network access to the PanelView Plus 6 device (IP address and port must be reachable)
  • No valid credentials required
  • No special device configuration needed
  • remotely exploitable
  • no authentication required
  • low complexity
  • high EPSS score (12.6%)
  • no patch available
  • affects safety and operational control
Exploitability
High exploit probability (EPSS 12.6%)
Affected products (18)
18 EOL
Product | Affected Versions | Fix Status
PanelView Plus 6 700-1500: 8.00-20140730 | 8.00-20140730 | No fix (EOL)
PanelView Plus 6 700-1500: 7.00-20140429 | 7.00-20140429 | No fix (EOL)
PanelView Plus 6 700-1500: 7.00-20130619 | 7.00-20130619 | No fix (EOL)
PanelView Plus 6 700-1500: 6.00.42 | 6.00.42 | No fix (EOL)
PanelView Plus 6 700-1500: 7.00-20140128 | 7.00-20140128 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement network firewall rules to restrict access to PanelView Plus 6 devices; allow connections only from engineering workstations and authorized control networks
WORKAROUND: Disable remote access features on PanelView Plus 6 if not required for operations
Mitigations - no patch available
The following products have reached End of Life with no planned fix: PanelView Plus 6 700-1500: 8.00-20140730, PanelView Plus 6 700-1500: 7.00-20140429, PanelView Plus 6 700-1500: 7.00-20130619, PanelView Plus 6 700-1500: 6.00.42, PanelView Plus 6 700-1500: 7.00-20140128, PanelView Plus 6 700-1500: 7.00-20140310, PanelView Plus 6 700-1500: 7.00-20130108, PanelView Plus 6 700-1500: 7.00-20130325, PanelView Plus 6 700-1500: 7.00-20140621, PanelView Plus 6 700-1500: 8.00-20141023, PanelView Plus 6 700-1500: 6.10.20121012, PanelView Plus 6 700-1500: 6.00.05, PanelView Plus 6 700-1500: 7.00-20121012, PanelView Plus 6 700-1500: 7.00-20141022, PanelView Plus 6 700-1500: 7.00-20140729, PanelView Plus 6 700-1500: 6.00-20140306, PanelView Plus 6 700-1500: 6.00.04, PanelView Plus 6 700-1500: 6.10-20140122. Apply the following compensating controls:
HARDENING: Isolate PanelView Plus 6 devices on a separate network segment (DMZ or industrial control network) with strict inbound access controls
HARDENING: Monitor network traffic to PanelView Plus 6 devices for suspicious activity; consider blocking unexpected connection attempts