09 June 2018

Serious vulnerability in RSLinx Classic and FactoryTalk Linx Gateway by Rockwell Automation

Rockwell Automation solutions RSLinx Classic and FactoryTalk Linx Gateway are affected by an Unquoted Search Path or Element vulnerability, exploitation of which could allow an authorized but non-privileged local user to execute arbitrary code on the vulnerable system. The vulnerability could also allow a threat actor to escalate user privileges.

The vulnerability, which has been assigned the ID CVE-2018-10619, affects the following versions of Rockwell Automation solutions:

  • RSLinx Classic Versions 3.90.01 and prior;
  • FactoryTalk Linx Gateway Versions 3.90.00 and prior.

The above solutions are used on industrial networks in manufacturing, energy and water supply systems. RSLinx Classic is a software platform that enables Logix5000 controllers to connect to a broad range of Rockwell Software applications and FactoryTalk Linx Gateway is an OPC server that ensures the transfer of information from Rockwell Software applications to Allen-Bradley controllers.

A CVSS v.3 base score of 8.8 has been calculated for the security vulnerability identified in Rockwell Automation solutions.

To eliminate the vulnerability, the vendor recommends updating RSLinx Classic to Version 4.00.01 and FactoryTalk Linx Gateway to Version 6.00.00. For those who cannot update the products to their latest versions, Rockwell Automation has made information on recommended mitigating procedures, including manually addressing the vulnerability through a registry edit, available on its website.

Source: ICS-CERT