First published: Thu Apr 25 2019
In Rockwell Automation MicroLogix 1400 Controllers Series A (all versions) and Series B (v15.002 and earlier), MicroLogix 1100 Controllers (v14.00 and earlier), CompactLogix 5370 L1 controllers (v30.014 and earlier), CompactLogix 5370 L2 controllers (v30.014 and earlier), and CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers; v30.014 and earlier), an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Micrologix 1400 A Firmware | | |
Rockwellautomation Micrologix 1400 B Firmware | <=15.002 | |
Rockwellautomation Micrologix 1400 | | |
Rockwellautomation Micrologix 1100 Firmware | <=14.00 | |
Rockwellautomation Micrologix 1100 | | |
Rockwellautomation Compactlogix 5370 L1 Firmware | <=30.014 | |
Rockwellautomation Compactlogix 5370 L1 | | |
Rockwellautomation Compactlogix 5370 L2 Firmware | <=30.014 | |
Rockwellautomation Compactlogix 5370 L2 | | |
Rockwellautomation Compactlogix 5370 L3 Firmware | <=30.014 | |
Rockwellautomation Compactlogix 5370 L3 | | |
The vulnerability ID for this vulnerability is CVE-2019-10955.
CVE-2019-10955 has a severity value of 6.1, which is considered medium.
Rockwell Automation MicroLogix 1400 Controllers Series A (all versions), MicroLogix 1400 Controllers Series B (up to version 15.002), MicroLogix 1100 Controllers (up to version 14.00), CompactLogix 5370 L1 Controllers (up to version 30.014), CompactLogix 5370 L2 Controllers (up to version 30.014), and CompactLogix 5370 L3 Controllers (up to version 30.014) are affected by CVE-2019-10955.
To fix CVE-2019-10955, Rockwell Automation recommends updating to the latest firmware version for the affected devices.
You can find more information about CVE-2019-10955 at the following references: [ICS-CERT Advisory](https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01) and [SecurityFocus BID](https://www.securityfocus.com/bid/108049).