CVE-2018-10619 - An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx

CVE-2018-10619

Summary

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

References

Vulnerable Configurations

cpe:2.3:a:rockwellautomation:rslinx_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:rslinx_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:factorytalk_linx_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:factorytalk_linx_gateway:*:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 09-10-2019 - 23:32)
Impact:
Exploitability:

CWE

CWE-428

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	104415
exploit-db	44892
misc	https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01

Last major update

09-10-2019 - 23:32

Published

07-06-2018 - 20:29

Last modified

09-10-2019 - 23:32