CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
18.3%
Successful exploitation of this vulnerability could allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.
The following versions of RSLinx Classic, a software platform that allows Logix5000 Programmable Automation Controllers to connect to a wide variety of Rockwell Software applications, and FactoryTalk Linx Gateway, software that provides an Open Platform Communications (OPC) Unified Architecture (UA) server interface to allow the delivery of information from Rockwell Software applications to Allen-Bradley controllers, are affected:
An unquoted search path or element may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.
CVE-2018-10619 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Gjoko Krstic of Zero Science Lab reported this vulnerability to Rockwell Automation, and Rockwell Automation reported it to the NCCIC.
Rockwell Automation recommends all users update to the following RSLinx Classic and FactoryTalk Linx Gateway versions:
<https://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?crumb=112>
<https://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?crumb=112>
Rockwell also recommends the following mitigating procedures to those who are unable to upgrade to the latest version:
<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/939382> (login required).
<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/546989> (login required).
For more information, please see Rockwell Automationβs knowledgebase advisory number 1073800 on this issue at the following location:
<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073800> (login required)
NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01BβTargeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10619
cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/news-events/ics-advisories/icsa-18-158-01
compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?crumb=112
compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?crumb=112
cwe.mitre.org/data/definitions/428.html
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
rockwellautomation.custhelp.com/app/answers/detail/a_id/1073800
rockwellautomation.custhelp.com/app/answers/detail/a_id/546989
rockwellautomation.custhelp.com/app/answers/detail/a_id/939382
twitter.com/CISAgov
twitter.com/intent/tweet?text=Rockwell%20Automation%20RSLinx%20Classic%20and%20FactoryTalk%20Linx%20Gateway+https://www.cisa.gov/news-events/ics-advisories/icsa-18-158-01
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-18-158-01&title=Rockwell%20Automation%20RSLinx%20Classic%20and%20FactoryTalk%20Linx%20Gateway
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-18-158-01
www.oig.dhs.gov/
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Rockwell%20Automation%20RSLinx%20Classic%20and%20FactoryTalk%20Linx%20Gateway&body=www.cisa.gov/news-events/ics-advisories/icsa-18-158-01
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
18.3%