CVE-2019-10955
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD
Description
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.
Affected (6)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |
| | Up to 15.002 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Micrologix 1400 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 14.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Micrologix 1100 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 30.014 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Compactlogix 5370 L1 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 30.014 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Compactlogix 5370 L2 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 30.014 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Compactlogix 5370 L3 | All versions |
References (4)
Source: ics-cert@hq.dhs.gov
Third Party Advisory, US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, VDB Entry
Timeline
No history available yet.