cnvd - cnvd-2018-12106

cnvd-2018-12106

Vulnerability from cnvd

Title: Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway权限提升漏洞

Description:

RSLinx Classic是一个可让Logix5000可编程自动化控制器连接到各种罗克韦尔软件应用程序的软件平台。FactoryTalk Linx Gateway是一款提供开放平台通信（OPC）统一架构（UA）服务器接口的软件，可让您将信息从罗克韦尔软件应用程序传递到Allen-Bradley控制器。

Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway存在权限提升漏洞。授权非特权本地用户可利用该漏洞在受影响的工作站上执行任意代码并提升权限。

Severity: 高

Patch Name: Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway权限提升漏洞的补丁

Patch Description:

Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway存在权限提升漏洞。授权非特权本地用户可利用该漏洞在受影响的工作站上执行任意代码并提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接: https://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?crumb=112

Reference: https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01

Impacted products

Name
['Rockwell Automation RSLinx Classic <=3.90.01', 'Rockwell Automation FactoryTalk Linx Gateway <=3.90.00']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10619"
    }
  },
  "description": "RSLinx Classic\u662f\u4e00\u4e2a\u53ef\u8ba9Logix5000\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u63a7\u5236\u5668\u8fde\u63a5\u5230\u5404\u79cd\u7f57\u514b\u97e6\u5c14\u8f6f\u4ef6\u5e94\u7528\u7a0b\u5e8f\u7684\u8f6f\u4ef6\u5e73\u53f0\u3002FactoryTalk Linx Gateway\u662f\u4e00\u6b3e\u63d0\u4f9b\u5f00\u653e\u5e73\u53f0\u901a\u4fe1\uff08OPC\uff09\u7edf\u4e00\u67b6\u6784\uff08UA\uff09\u670d\u52a1\u5668\u63a5\u53e3\u7684\u8f6f\u4ef6\uff0c\u53ef\u8ba9\u60a8\u5c06\u4fe1\u606f\u4ece\u7f57\u514b\u97e6\u5c14\u8f6f\u4ef6\u5e94\u7528\u7a0b\u5e8f\u4f20\u9012\u5230Allen-Bradley\u63a7\u5236\u5668\u3002\r\n\r\nRockwell Automation RSLinx Classic and FactoryTalk Linx Gateway\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u6388\u6743\u975e\u7279\u6743\u672c\u5730\u7528\u6237\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u5de5\u4f5c\u7ad9\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u5e76\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "Gjoko Krstic",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?crumb=112",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-12106",
  "openTime": "2018-06-26",
  "patchDescription": "RSLinx Classic\u662f\u4e00\u4e2a\u53ef\u8ba9Logix5000\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u63a7\u5236\u5668\u8fde\u63a5\u5230\u5404\u79cd\u7f57\u514b\u97e6\u5c14\u8f6f\u4ef6\u5e94\u7528\u7a0b\u5e8f\u7684\u8f6f\u4ef6\u5e73\u53f0\u3002FactoryTalk Linx Gateway\u662f\u4e00\u6b3e\u63d0\u4f9b\u5f00\u653e\u5e73\u53f0\u901a\u4fe1\uff08OPC\uff09\u7edf\u4e00\u67b6\u6784\uff08UA\uff09\u670d\u52a1\u5668\u63a5\u53e3\u7684\u8f6f\u4ef6\uff0c\u53ef\u8ba9\u60a8\u5c06\u4fe1\u606f\u4ece\u7f57\u514b\u97e6\u5c14\u8f6f\u4ef6\u5e94\u7528\u7a0b\u5e8f\u4f20\u9012\u5230Allen-Bradley\u63a7\u5236\u5668\u3002\r\n\r\nRockwell Automation RSLinx Classic and FactoryTalk Linx Gateway\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u6388\u6743\u975e\u7279\u6743\u672c\u5730\u7528\u6237\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u5de5\u4f5c\u7ad9\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u5e76\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Rockwell Automation RSLinx Classic \u003c=3.90.01",
      "Rockwell Automation FactoryTalk Linx Gateway \u003c=3.90.00"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01",
  "serverity": "\u9ad8",
  "submitTime": "2018-06-08",
  "title": "Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2018-10619 (GCVE-0-2018-10619)

Vulnerability from cvelistv5

Published

2018-06-07 20:00

Modified

2024-09-16 16:23

Severity ?

CWE

CWE-428 - UNQUOTED SEARCH PATH OR ELEMENT

Summary

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

References

▼	URL	Tags
	https://www.exploit-db.com/exploits/44892/	exploit, x_refsource_EXPLOIT-DB
	https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01	x_refsource_MISC
	http://www.securityfocus.com/bid/104415	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	ICS-CERT	Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway	Version: RSLinx Classic Versions 3.90.01 and prior, FactoryTalk Linx Gateway Versions 3.90.00 and prior.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:46.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "44892",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44892/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01"
          },
          {
            "name": "104415",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104415"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "RSLinx Classic Versions 3.90.01 and prior, FactoryTalk Linx Gateway Versions 3.90.00 and prior."
            }
          ]
        }
      ],
      "datePublic": "2018-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "UNQUOTED SEARCH PATH OR ELEMENT CWE-428",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-15T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "44892",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44892/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01"
        },
        {
          "name": "104415",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104415"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-06-07T00:00:00",
          "ID": "CVE-2018-10619",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "RSLinx Classic Versions 3.90.01 and prior, FactoryTalk Linx Gateway Versions 3.90.00 and prior."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "UNQUOTED SEARCH PATH OR ELEMENT CWE-428"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44892",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44892/"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01"
            },
            {
              "name": "104415",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104415"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-10619",
    "datePublished": "2018-06-07T20:00:00Z",
    "dateReserved": "2018-05-01T00:00:00",
    "dateUpdated": "2024-09-16T16:23:04.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted