ID

VAR-202004-0058


CVE

CVE-2020-10642


TITLE

Improper permission assignment for critical resources vulnerability in Rockwell Automation RSLinx Classic

Trust: 0.8

sources: JVNDB: JVNDB-2020-003281

DESCRIPTION

In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. RSLinx Classic, provided by Rockwell Automation, is software for managing industrial equipment. RSLinx Classic contains an improper permission assignment for critical resources (CWE-732) vulnerability. The program supports access to Rockwell Software and Allen-Bradley applications through Allen-Bradley programmable controllers. A local attacker could exploit this vulnerability to execute malicious code with system privileges.

Trust: 1.71

sources: NVD: CVE-2020-10642 // JVNDB: JVNDB-2020-003281 // VULHUB: VHN-163141

AFFECTED PRODUCTS

vendor: rockwellautomation, model: rslinx classic, scope: lte, version: 4.11.00

Trust: 1.0

vendor: rockwell automation, model: rslinx classic, scope: eq, version: version 4.11.00

Trust: 0.8

sources: JVNDB: JVNDB-2020-003281 // NVD: CVE-2020-10642

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10642
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-003281
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-564
value: HIGH

Trust: 0.6

VULHUB: VHN-163141
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10642
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-163141
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-10642
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-003281
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-163141 // JVNDB: JVNDB-2020-003281 // CNNVD: CNNVD-202004-564 // NVD: CVE-2020-10642

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.9

sources: VULHUB: VHN-163141 // JVNDB: JVNDB-2020-003281 // NVD: CVE-2020-10642

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-564

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-564

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003281

PATCH

title: Compatibility & Downloads
url: https://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx

Trust: 0.8

title: Rockwell Automation RSLinx Classic Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113621

Trust: 0.6

sources: JVNDB: JVNDB-2020-003281 // CNNVD: CNNVD-202004-564

EXTERNAL IDS

db: NVD, id: CVE-2020-10642

Trust: 2.5

db: ICS CERT, id: ICSA-20-100-01

Trust: 2.5

db: JVN, id: JVNVU99126710

Trust: 0.8

db: JVNDB, id: JVNDB-2020-003281

Trust: 0.8

db: CNNVD, id: CNNVD-202004-564

Trust: 0.7

db: NSFOCUS, id: 47390

Trust: 0.6

db: AUSCERT, id: ESB-2020.1297

Trust: 0.6

db: VULHUB, id: VHN-163141

Trust: 0.1

sources: VULHUB: VHN-163141 // JVNDB: JVNDB-2020-003281 // CNNVD: CNNVD-202004-564 // NVD: CVE-2020-10642

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-100-01

Trust: 2.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10642

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-20-100-01

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99126710/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-10642

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47390

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1297/

Trust: 0.6

sources: VULHUB: VHN-163141 // JVNDB: JVNDB-2020-003281 // CNNVD: CNNVD-202004-564 // NVD: CVE-2020-10642

CREDITS

Applied Risk

Trust: 0.6

sources: CNNVD: CNNVD-202004-564

SOURCES

db: VULHUB, id: VHN-163141
db: JVNDB, id: JVNDB-2020-003281
db: CNNVD, id: CNNVD-202004-564
db: NVD, id: CVE-2020-10642

LAST UPDATE DATE

2024-11-23T22:29:40.729000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-163141, date: 2021-04-02T00:00:00
db: JVNDB, id: JVNDB-2020-003281, date: 2020-04-13T00:00:00
db: CNNVD, id: CNNVD-202004-564, date: 2021-04-06T00:00:00
db: NVD, id: CVE-2020-10642, date: 2024-11-21T04:55:45.520

SOURCES RELEASE DATE

db: VULHUB, id: VHN-163141, date: 2020-04-13T00:00:00
db: JVNDB, id: JVNDB-2020-003281, date: 2020-04-13T00:00:00
db: CNNVD, id: CNNVD-202004-564, date: 2020-04-09T00:00:00
db: NVD, id: CVE-2020-10642, date: 2020-04-13T19:15:11