CVE-2010-5305

Published: Mar 26, 2019Modified: Jun 26, 2025

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.

Affected (3)

Products: Rockwellautomation: Rslogix, Plc5 1785 Lx Firmware, Slc5/01 1747 L5x Firmware

Rockwellautomation

3 products

Plc5 1785 Lx Firmware

Slc5/01 1747 L5x Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rockwellautomation Rslogix	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Plc5 1785 Lx Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Plc5 1785 Lx	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Slc5/01 1747 L5x Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Slc5/01 1747 L5x	All versions

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

http://rockwellautomation.custhelp.com/app/answers/detail/a_id/66684/kw/vulnerability/r_id/115100

Source: ics-cert@hq.dhs.gov

https://www.cisa.gov/news-events/ics-advisories/icsa-10-070-02

Source: ics-cert@hq.dhs.gov

https://ics-cert.us-cert.gov/advisories/ICSA-10-070-02

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.