CVE-2018-10619

Summary

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

Affected Software

VendorProductVersion RangeStatus
ICS-CERTRockwell Automation RSLinx Classic and FactoryTalk Linx GatewayRSLinx Classic Versions 3.90.01 and prior, FactoryTalk Linx Gateway Versions 3.90.00 and prior.affected

Weaknesses

  • CWE-428: UNQUOTED SEARCH PATH OR ELEMENT CWE-428

ADP Enrichment

CVE Program Container

Additional References

References