Rockwell Automation RSLinx Classic < 4.00.01 Local Privilege Escalation

high Nessus Plugin ID 110534

Synopsis

An application running on the remote host is affected by a local privilege escalation vulnerability.

Description

The remote host has a version of RSLinx Classic installed that is prior to 4.00.01. It is, therefore, affected by a local privilege escalation vulnerability due to an unquoted path for a Windows service.
A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.

Solution

Upgrade to Rockwell Automation RSLinx Classic version 4.00.01 or later.

See Also

http://www.nessus.org/u?55ff06a7

https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01

Plugin Details

Severity: High

ID: 110534

File Name: scada_rslinx_classic_4_00_01.nbin

Version: 1.99

Type: local

Agent: windows

Family: SCADA

Published: 6/14/2018

Updated: 11/22/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-10619

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:rslinx_classic

Required KB Items: installed_sw/Rockwell Automation RSLinx Classic

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/7/2018

Vulnerability Publication Date: 6/7/2018

Reference Information

CVE: CVE-2018-10619

BID: 104415

ICSA: 18-158-01