CyberSec.Space Logo
Back to CVE Browser

CVE-2018-10619

HIGH
7.8
CVSS Severity Score
EPSS Score0.1760%
EPSS Percentile0.72th
PublishedJun 7, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

Affected Platforms (CPE)

πŸ“¦
Rockwellautomation

Rslinx Classic

< 3.90.01
πŸ“¦
Rockwellautomation

Factorytalk Linx Gateway

< 3.90.00

References & Advisories

πŸ”— http://www.securityfocus.com/bid/104415
πŸ”— https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01
πŸ”— https://www.exploit-db.com/exploits/44892/
πŸ”— http://www.securityfocus.com/bid/104415
πŸ”— https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01
πŸ”— https://www.exploit-db.com/exploits/44892/

Related Vulnerabilities

CVE-2018-148299.8

Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally...

CVE-2020-120019.8

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...

CVE-2019-65539.8

A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll fi...

CVE-2011-25309.3

Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLin...