CVE-2020-10642
Description
In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated local attacker can modify a registry key in Rockwell Automation RSLinx Classic 4.11.00 and prior, leading to malicious code execution with system privileges.
Vulnerability
Rockwell Automation RSLinx Classic versions 4.11.00 and prior contain an incorrect permission assignment for a critical resource (CWE-732) [1]. An authenticated local attacker can modify a registry key that affects the application's execution.
Exploitation
The attacker requires local access to the system and valid credentials. With low skill level, the attacker modifies a specific registry key. Upon opening RSLinx Classic, the modified key causes the execution of malicious code with system privileges [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code with system privileges, resulting in a complete compromise of confidentiality, integrity, and availability. The CVSS v3 base score is 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) [1].
Mitigation
Rockwell Automation has released patch 1091155 for versions 3.60 to 4.11. Users should upgrade to the latest version of RSLinx Classic and follow security recommendations from the vendor and CISA, such as minimizing network exposure, using firewalls, and employing VPNs for remote access [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=4.11.00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.us-cert.gov/ics/advisories/icsa-20-100-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.