PT-2018-10009 · Rockwell Automation · Rslinx Classic+1

Liquidworm

Published

2018-06-07

Updated

2019-10-09

CVE-2018-10619

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RSLinx Classic versions 3.90.01 and prior FactoryTalk Linx Gateway versions 3.90.00 and prior

Description The issue allows an authorized, but non-privileged local user to execute arbitrary code and escalate user privileges on the affected workstation due to an unquoted search path or element.

Recommendations For RSLinx Classic versions 3.90.01 and prior, update to a version later than 3.90.01 to resolve the issue. For FactoryTalk Linx Gateway versions 3.90.00 and prior, update to a version later than 3.90.00 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

CVE-2018-10619

Affected Products

Factorytalk Linx Gateway

Rslinx Classic

PT-2018-10009 · Rockwell Automation · Rslinx Classic+1

CVE-2018-10619

Weakness Enumeration

Related Identifiers

Affected Products

References · 5