Open Redirect Vulnerability in Rockwell Automation MicroLogix and CompactLogix Controllers
CVE-2019-10955
6.1 MEDIUM
Summary
An open redirect vulnerability exists in Rockwell Automation MicroLogix and CompactLogix controllers, which may allow an unauthenticated remote attacker to redirect users to harmful websites through a crafted malicious link, potentially enabling the download and execution of arbitrary malware on their devices. Various models of MicroLogix and CompactLogix controllers are affected, so users should take precautionary measures.
Affected Version(s)
CompactLogix 5370 L1 controllers v30.014 and earlier
CompactLogix 5370 L2 controllers v30.014 and earlier
CompactLogix 5370 L3 controllers v30.014 and earlier
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved