CVE-2019-10955
published 2019-04-25

CVE-2019-10955: In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier…

Priority: P433
Severity: medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 3.04% (85.9th percentile)
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.

Affected

12 ranges
Vendor               Product                               Version range   Fixed in
rockwell_automation  compactlogix_5370_l1_controllers
rockwell_automation  compactlogix_5370_l2_controllers
rockwell_automation  compactlogix_5370_l3_controllers
rockwell_automation  micrologix_1100_controllers
rockwell_automation  micrologix_1400_controllers
rockwell_automation  micrologix_1400_controllers
rockwell_automation  micrologix_1400_controllers
rockwellautomation   compactlogix_5370_l1_firmware         <= 30.014
rockwellautomation   compactlogix_5370_l2_firmware         <= 30.014
rockwellautomation   compactlogix_5370_l3_firmware         <= 30.014
rockwellautomation   micrologix_1100_firmware              <= 14.00
rockwellautomation   micrologix_1400_b_firmware            <= 15.002

CVSS provenance

nvd  v3.1  6.1  MEDIUM  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd  v3.0  6.1  MEDIUM  CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd  v2.0  5.8  MEDIUM  AV:N/AC:M/Au:N/C:P/I:P/A:N