CVE-2019-10955

medium

Description

In Rockwell Automation MicroLogix 1400 Controllers Series A, all versions; Series B, v15.002 and earlier; MicroLogix 1100 Controllers v14.00 and earlier; CompactLogix 5370 L1 controllers v30.014 and earlier; CompactLogix 5370 L2 controllers v30.014 and earlier; and CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01

https://www.securityfocus.com/bid/108049

Details

Source: MITRE

Published: 2019-04-25

Updated: 2020-02-10

Type: CWE-601

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
500281 | Rockwellautomation Micrologix URL Redirection to Untrusted Site ('Open Redirect') | Tenable.ot | SCADA | medium
125312 | Rockwell Automation MicroLogix 1100/1400 and CompactLogix 5370 Controllers Open Redirection Vulnerability | Nessus | SCADA | medium
720251 | Rockwell Automation MicroLogix and CompactLogix Multiple Controllers Open Redirect | Nessus Network Monitor | SCADA | medium