PT-2018-10009 · Rockwell Automation · Rslinx Classic+1

Liquidworm

Publicado

2018-06-07

Atualizado

2019-10-09

CVE-2018-10619

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RSLinx Classic versions 3.90.01 and prior FactoryTalk Linx Gateway versions 3.90.00 and prior

Description The issue allows an authorized, but non-privileged local user to execute arbitrary code and escalate user privileges on the affected workstation due to an unquoted search path or element.

Recommendations For RSLinx Classic versions 3.90.01 and prior, update to a version later than 3.90.01 to resolve the issue. For FactoryTalk Linx Gateway versions 3.90.00 and prior, update to a version later than 3.90.00 to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-428

Identificadores relacionados

CVE-2018-10619

Produtos afetados

Factorytalk Linx Gateway

Rslinx Classic

PT-2018-10009 · Rockwell Automation · Rslinx Classic+1

CVE-2018-10619

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5