Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway

Risk Summary

Successful exploitation of this vulnerability could allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

CVEs (1)

Remediations

• RSLinx Classic Versions 3.90.01 and prior, update to v4.00.01 or later available at:
• FactoryTalk Linx Gateway Versions 3.90.00 and prior, update to FactoryTalk Linx Gateway v6.00.00 or later available at:
• Visit Knowledge Base Article ID 939382, which describes how to identify whether or not the service path contains spaces (i.e., is vulnerable); how to manually address this vulnerability through a registry edit; and describes the process of implementing these edits.
• Run all software as a user, not as an administrator, to minimize the impact of malicious code on the infected system.
• Use Microsoft AppLocker or other similar whitelisting application to help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at:
• Ensure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum amount of rights as needed.
• For more information, please see Rockwell Automation's knowledgebase advisory number 1073800 on this issue at the following location:

Affected Vendors

Affected Products (2)

Affected Sectors

Critical Manufacturing, Energy, Water and Wastewater Systems