CVE-2019-10970
published 2019-07-11CVE-2019-10970: In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.60%
90.5th percentile
In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | panelview_5510_firmware | < 4.003 | 4.003 |
| rockwellautomation | panelview_5510_firmware | >= 5.000 < 5.002 | 5.002 |
Detection & IOCsextracted from sources · hover to see the quote
- →Alert on any EtherNet/IP or CIP protocol traffic originating from outside the manufacturing zone targeting ports 2222 and 44818 on PanelView 5510 devices. ↗
- ·Only PanelView 5510 units manufactured before March 13, 2019 AND that have never been updated to v4.003, v5.002, or later are vulnerable. Units updated to these versions are not affected. ↗
- ·No known public exploits specifically target this vulnerability at time of advisory publication. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3pr6-q8r5-4wq6: In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4
ghsa_unreviewed·2022-05-24
CVE-2019-10970 [CRITICAL] GHSA-3pr6-q8r5-4wq6: In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4
In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device?s file system.
CISA ICS
Rockwell Automation PanelView 5510
cisa_ics·2019-07-09·CVSS 9.8
[CRITICAL] Rockwell Automation PanelView 5510
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation PanelView 5510
Last RevisedJuly 09, 2019
Alert CodeICSA-19-190-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely
- Vendor: Rockwell Automation
- Equipment: PanelView 5510
- Vulnerability: Improper Access Control
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote unauthenticated user to gain root privileges on the device.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of PanelView 5510, an HMI, are affected:
- All versions manufactured before March 13, 2019, that
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-07-11
Published