CVE-2023-2071: 
Rockwell Automation FactoryTalk View Machine Edition vulnerability analysis and mitigation

Rockwell Automation's FactoryTalk View Machine Edition running on PanelView Plus contains a critical security vulnerability identified as CVE-2023-2071. This vulnerability stems from improper input validation that allows unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability was disclosed on September 12, 2023, affecting FactoryTalk View Machine Edition versions 13.0, 12.0, and prior (Hacker News).

The vulnerability has been assigned a Critical severity with a CVSS score of 9.8. The security flaw involves two custom classes that can be exploited to upload and load malicious DLL files into the device. The vulnerability allows attackers to achieve remote code execution through crafted malicious packets (Hacker News).

Successful exploitation of CVE-2023-2071 enables attackers to execute arbitrary code remotely on the affected systems. This level of access could potentially give attackers complete control over the compromised PanelView Plus devices, posing significant risks to industrial control systems (Hacker News).

Rockwell Automation released security advisories for this vulnerability on September 12, 2023. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) subsequently issued its own alert on September 21, 2023 (Hacker News).

Microsoft's security researchers, including Yuval Gordon, played a key role in discovering and analyzing this vulnerability. The discovery was part of a broader investigation that revealed multiple critical flaws in Rockwell Automation's PanelView Plus systems (Hacker News).