Vulnerability CVE-2018-10619
Published: 2018-06-07

Description:
An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Rockwell Automation RSLinx Classic / FactoryTalk Linx Gateway Privilege Escalation
LiquidWorm
14.06.2018
Med.
RSLinx Classic and FactoryTalk Linx Gateway Privilege Escalation
LiquidWorm
14.06.2018

Type:

CWE-428

 (Unquoted Search Path or Element)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/104415
https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01
https://www.exploit-db.com/exploits/44892/
Copyright 2024, cxsecurity.com

 

Back to Top