PT-2020-6951 · Rockwell Automation · RSLinx Classic

Published 2020-04-10 · Updated 2021-04-02 · CVE-2020-10642

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RSLinx Classic versions 4.11.00 and prior

Description

The issue is related to incorrect permission assignment for a critical resource in the RSLinx Classic server communication. This could allow an attacker to execute arbitrary code. An authenticated local attacker may modify a registry key, leading to the execution of malicious code with system privileges when opening RSLinx Classic.

Recommendations

For versions 4.11.00 and prior, consider restricting access to the registry key that can be modified by an authenticated local attacker to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2024-00177
CVE-2020-10642

Affected Products

RSLinx Classic