CWE
601
Advisory Published
Updated

CVE-2019-10955

First published: Thu Apr 25 2019(Updated: )

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Rockwellautomation Micrologix 1400 A Firmware
Rockwellautomation Micrologix 1400 B Firmware<=15.002
Rockwellautomation Micrologix 1400
Rockwellautomation Micrologix 1100 Firmware<=14.00
Rockwellautomation Micrologix 1100
Rockwellautomation Compactlogix 5370 L1 Firmware<=30.014
Rockwellautomation Compactlogix 5370 L1
Rockwellautomation Compactlogix 5370 L2 Firmware<=30.014
Rockwellautomation Compactlogix 5370 L2
Rockwellautomation Compactlogix 5370 L3 Firmware<=30.014
Rockwellautomation Compactlogix 5370 L3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2019-10955.

  • What is the severity of CVE-2019-10955?

    CVE-2019-10955 has a severity value of 6.1, which is considered medium.

  • What software versions are affected by CVE-2019-10955?

    Rockwell Automation MicroLogix 1400 Controllers Series A (all versions), MicroLogix 1400 Controllers Series B (up to version 15.002), MicroLogix 1100 Controllers (up to version 14.00), CompactLogix 5370 L1 Controllers (up to version 30.014), CompactLogix 5370 L2 Controllers (up to version 30.014), and CompactLogix 5370 L3 Controllers (up to version 30.014) are affected by CVE-2019-10955.

  • How can I fix CVE-2019-10955?

    To fix CVE-2019-10955, Rockwell Automation recommends updating to the latest firmware version for the affected devices.

  • Where can I find more information about CVE-2019-10955?

    You can find more information about CVE-2019-10955 at the following references: [ICS-CERT Advisory](https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01) and [SecurityFocus BID](https://www.securityfocus.com/bid/108049).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203