AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
![]() ![]() Gjoko Krstic of Zero Science Lab reported this vulnerability to Rockwell Automation, and Rockwell Automation reported it to the NCCIC. COMPANY HEADQUARTERS LOCATION: Wisconsin, USA.CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy, Water and Wastewater Systems.A CVSS v3 base score of 8.8 has been calculated the CVSS vector string is ( AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). FactoryTalk Linx Gateway Versions 3.90.00 and prior.ģ.2 VULNERABILITY OVERVIEW 3.2.1 UNQUOTED SEARCH PATH OR ELEMENT CWE-428Īn unquoted search path or element may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.ĬVE-2018-10619 has been assigned to this vulnerability.RSLinx Classic Versions 3.90.01 and prior, and.The following versions of RSLinx Classic, a software platform that allows Logix5000 Programmable Automation Controllers to connect to a wide variety of Rockwell Software applications, and FactoryTalk Linx Gateway, software that provides an Open Platform Communications (OPC) Unified Architecture (UA) server interface to allow the delivery of information from Rockwell Software applications to Allen-Bradley controllers, are affected: Successful exploitation of this vulnerability could allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation. Vulnerability: Unquoted Search Path or Element. ![]() ![]() Equipment: RSLinx Classic and FactoryTalk Linx Gateway. ![]()
0 Comments
Read More
Leave a Reply. |