You are here

Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway (ICSA-18-158-01) – Products Used in the Water and Wastewater and Energy Sectors

Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway (ICSA-18-158-01) – Products Used in the Water and Wastewater and Energy Sectors

Created: Thursday, June 7, 2018 - 15:26
Categories:
Cybersecurity

The NCCIC has released an advisory on an unquoted search path or element vulnerability in Rockwell RSLinx Classic and FactoryTalk Linx Gateway. Versions 3.90.01 and prior of the former product and versions 3.90.00 and prior of the latter product are affected. Successful exploitation of this vulnerability could allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation. Rockwell Automation recommends all users update to new versions of RSLinx Classic and FactoryTalk Linx Gateway. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.