Rockwell Automation RSLinx Classic < 4.00.01 Local Privilege Escalation

Medium Nessus Plugin ID 110534

Synopsis

An application running on the remote host is affected by a local privilege escalation vulnerability.

Description

The remote host has a version of RSLinx Classic installed that is prior to 4.00.01. It is, therefore, affected by a local privilege escalation vulnerability due to an unquoted path for a Windows service.
A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.

Solution

Upgrade to Rockwell Automation RSLinx Classic version 4.00.01 or later.

See Also

http://www.nessus.org/u?55ff06a7

https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01

Plugin Details

Severity: Medium

ID: 110534

File Name: scada_rslinx_classic_4_00_01.nbin

Version: 1.22

Type: local

Family: SCADA

Published: 2018/06/14

Updated: 2019/08/20

Dependencies: 83522

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2018-10619

CVSS v2.0

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:rslinx_classic

Required KB Items: installed_sw/Rockwell Automation RSLinx Classic

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/06/07

Vulnerability Publication Date: 2018/06/07

Reference Information

CVE: CVE-2018-10619

BID: 104415

ICSA: 18-158-01