cbcvebase.
CVE-2019-10970
published 2019-07-11

CVE-2019-10970: In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote…

PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.60%
90.5th percentile
In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system.

Affected

2 ranges
VendorProductVersion rangeFixed in
rockwellautomationpanelview_5510_firmware< 4.0034.003
rockwellautomationpanelview_5510_firmware>= 5.000 < 5.0025.002

Detection & IOCsextracted from sources · hover to see the quote

port2222/TCP and UDP
port44818/TCP and UDP
  • Alert on any EtherNet/IP or CIP protocol traffic originating from outside the manufacturing zone targeting ports 2222 and 44818 on PanelView 5510 devices.
  • ·Only PanelView 5510 units manufactured before March 13, 2019 AND that have never been updated to v4.003, v5.002, or later are vulnerable. Units updated to these versions are not affected.
  • ·No known public exploits specifically target this vulnerability at time of advisory publication.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.