Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability

Bugtraq ID:	104415
Class:	Design Error
CVE:	CVE-2018-10619
Remote:	No
Local:	Yes
Published:	Jun 07 2018 12:00AM
Updated:	Jun 07 2018 12:00AM
Credit:	Gjoko Krstic of Zero Science Lab
Vulnerable:	Rockwell Automation RSLinx Classic 3.90.01 Rockwell Automation RSLinx Classic 3.73.00 Rockwell Automation RSLinx Classic 3.72.00 Rockwell Automation FactoryTalk Linx Gateway 3.90
Not Vulnerable:	Rockwell Automation RSLinx Classic 4.00.01 Rockwell Automation FactoryTalk Linx Gateway 6.0

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability

Multiple Rockwell Automation Products are prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to gain elevated privileges.

The following products and versions are vulnerable:

RSLinx Classic Versions 3.90.01 and prior
FactoryTalk Linx Gateway Versions 3.90.00 and prior

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability

References:

• Rockwell Automation Homepage (Rockwell Automation)
  
• ICSA-18-158-01 Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway (CERT)