CVE-2019-10955
First published: Thu Apr 25 2019(Updated: )
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Micrologix 1400 A Firmware | ||
| Rockwellautomation Micrologix 1400 B Firmware | <=15.002 | |
| Rockwellautomation Micrologix 1400 | ||
| Rockwellautomation Micrologix 1100 Firmware | <=14.00 | |
| Rockwellautomation Micrologix 1100 | ||
| Rockwellautomation Compactlogix 5370 L1 Firmware | <=30.014 | |
| Rockwellautomation Compactlogix 5370 L1 | ||
| Rockwellautomation Compactlogix 5370 L2 Firmware | <=30.014 | |
| Rockwellautomation Compactlogix 5370 L2 | ||
| Rockwellautomation Compactlogix 5370 L3 Firmware | <=30.014 | |
| Rockwellautomation Compactlogix 5370 L3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-10955.
What is the severity of CVE-2019-10955?
CVE-2019-10955 has a severity value of 6.1, which is considered medium.
What software versions are affected by CVE-2019-10955?
Rockwell Automation MicroLogix 1400 Controllers Series A (all versions), MicroLogix 1400 Controllers Series B (up to version 15.002), MicroLogix 1100 Controllers (up to version 14.00), CompactLogix 5370 L1 Controllers (up to version 30.014), CompactLogix 5370 L2 Controllers (up to version 30.014), and CompactLogix 5370 L3 Controllers (up to version 30.014) are affected by CVE-2019-10955.
How can I fix CVE-2019-10955?
To fix CVE-2019-10955, Rockwell Automation recommends updating to the latest firmware version for the affected devices.
Where can I find more information about CVE-2019-10955?
You can find more information about CVE-2019-10955 at the following references: [ICS-CERT Advisory](https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01) and [SecurityFocus BID](https://www.securityfocus.com/bid/108049).
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/type
- agent/weakness
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/rockwellautomation
- canonical/rockwellautomation micrologix 1400 a firmware
- canonical/rockwellautomation micrologix 1400 b firmware
- version/rockwellautomation micrologix 1400 b firmware/15.002
- canonical/rockwellautomation micrologix 1400
- canonical/rockwellautomation micrologix 1100 firmware
- version/rockwellautomation micrologix 1100 firmware/14.00
- canonical/rockwellautomation micrologix 1100
- canonical/rockwellautomation compactlogix 5370 l1 firmware
- version/rockwellautomation compactlogix 5370 l1 firmware/30.014
- canonical/rockwellautomation compactlogix 5370 l1
- canonical/rockwellautomation compactlogix 5370 l2 firmware
- version/rockwellautomation compactlogix 5370 l2 firmware/30.014
- canonical/rockwellautomation compactlogix 5370 l2
- canonical/rockwellautomation compactlogix 5370 l3 firmware
- version/rockwellautomation compactlogix 5370 l3 firmware/30.014
- canonical/rockwellautomation compactlogix 5370 l3