Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-10955
HistoryApr 25, 2019 - 6:29 p.m.

CVE-2019-10955

2019-04-2518:29:00
CWE-601
[email protected]
web.nvd.nist.gov
42
cve-2019-10955
rockwell automation
micrologix 1400
controllers
series a
series b
compactlogix
open redirect vulnerability
nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.

Affected configurations

NVD
Node
rockwellautomationmicrologix_1400Match-
AND
rockwellautomationmicrologix_1400_a_firmware
OR
rockwellautomationmicrologix_1400_b_firmwareRange≀15.002
Node
rockwellautomationmicrologix_1100Match-
AND
rockwellautomationmicrologix_1100_firmwareRange≀14.00
Node
rockwellautomationcompactlogix_5370_l1Match-
AND
rockwellautomationcompactlogix_5370_l1_firmwareRange≀30.014
Node
rockwellautomationcompactlogix_5370_l2Match-
AND
rockwellautomationcompactlogix_5370_l2_firmwareRange≀30.014
Node
rockwellautomationcompactlogix_5370_l3Match-
AND
rockwellautomationcompactlogix_5370_l3_firmwareRange≀30.014

CNA Affected

[
  {
    "product": "MicroLogix 1400 Controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "Series A"
      },
      {
        "status": "affected",
        "version": "All Versions Series B"
      },
      {
        "status": "affected",
        "version": "v15.002 and earlier"
      }
    ]
  },
  {
    "product": "MicroLogix 1100 Controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v14.00 and earlier"
      }
    ]
  },
  {
    "product": "CompactLogix 5370 L1 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v30.014 and earlier"
      }
    ]
  },
  {
    "product": "CompactLogix 5370 L2 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v30.014 and earlier"
      }
    ]
  },
  {
    "product": "CompactLogix 5370 L3 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v30.014 and earlier"
      }
    ]
  }
]

Related

cvelist 1
ics 1
nessus 3
nvd 1
checkpoint_advisories 1
prion 1
cvelist
cvelist
CVE-2019-10955
2019-04-25 17:27:32
ics
ics
Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers
2019-04-23 12:00:00
nessus
nessus
Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers URL Redirection to Untrusted Site (CVE-2019-10955)
2022-02-07 00:00:00
Rockwell Automation MicroLogix 1100/1400 and CompactLogix 5370 Controllers Open Redirection Vulnerability
2019-05-21 00:00:00
Rockwellautomation Micrologix URL Redirection to Untrusted Site ('Open Redirect')
2019-11-08 00:00:00
nvd
nvd
CVE-2019-10955
2019-04-25 18:29:00
checkpoint_advisories
checkpoint_advisories
Rockwell Automation Multiple Controllers Open Redirect (CVE-2019-10955)
2019-04-28 00:00:00
prion
prion
Open redirect
2019-04-25 18:29:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON
Related for CVE-2019-10955
cvelist1ics1nessus3nvd1checkpoint_advisories1prion1