History: Apr 25, 2019 - 6:29 p.m.

CVE-2019-10955

2019-04-25 18:29:00
CWE-601
web.nvd.nist.gov
Tags: cve-2019-10955, rockwell automation, micrologix 1400, controllers, series a, series b, compactlogix, open redirect vulnerability, nvd

CVSS3: 6.1 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 6.2 Medium
Confidence: High

CVSS2: 5.8 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.009 Low
Percentile: 82.9%

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.

Affected configurations

NVD

Node
rockwellautomation micrologix_1400 (Match: -)
AND
rockwellautomation micrologix_1400_a_firmware
OR
rockwellautomation micrologix_1400_b_firmware (Range: ≤15.002)

Node
rockwellautomation micrologix_1100 (Match: -)
AND
rockwellautomation micrologix_1100_firmware (Range: ≤14.00)

Node
rockwellautomation compactlogix_5370_l1 (Match: -)
AND
rockwellautomation compactlogix_5370_l1_firmware (Range: ≤30.014)

Node
rockwellautomation compactlogix_5370_l2 (Match: -)
AND
rockwellautomation compactlogix_5370_l2_firmware (Range: ≤30.014)

Node
rockwellautomation compactlogix_5370_l3 (Match: -)
AND
rockwellautomation compactlogix_5370_l3_firmware (Range: ≤30.014)

CNA Affected

[
  {
    "product": "MicroLogix 1400 Controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "Series A"
      },
      {
        "status": "affected",
        "version": "All Versions Series B"
      },
      {
        "status": "affected",
        "version": "v15.002 and earlier"
      }
    ]
  },
  {
    "product": "MicroLogix 1100 Controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v14.00 and earlier"
      }
    ]
  },
  {
    "product": "CompactLogix 5370 L1 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v30.014 and earlier"
      }
    ]
  },
  {
    "product": "CompactLogix 5370 L2 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v30.014 and earlier"
      }
    ]
  },
  {
    "product": "CompactLogix 5370 L3 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v30.014 and earlier"
      }
    ]
  }
]
