Rockwell Automation MicroLogix 1100/1400 and CompactLogix 5370 Controllers Open Redirection Vulnerability

Medium Nessus Plugin ID 125312

Synopsis

The MicroLogix 1100/1400 or CompactLogix 5370 controller is affected by an open redirect vulnerability.

Description

The Rockwell Automation MicroLogix 1100/1400 or CompactLogix 5370 controller web server is affected by an open redirect vulnerability.
An unauthenticated, remote attacker can exploit this issue in conjunction with a social engineering attack (a crafted link to the controller's web server, delivered to an operator) to redirect the user to an attacker-controlled site, which could then run or download arbitrary malware on the user's machine.

Solution

Apply MicroLogix 1100 firmware 15.000 or later;
Apply MicroLogix 1400 Series B firmware 15.003 or later;
Apply CompactLogix 5370 firmware 31.011 or later;
Disable the web server on MicroLogix 1400 Series A controllers.
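The two checks a practitioner would want behind this advisory, as an added example that is not the Nessus plugin's code nor Rockwell's: first, the decision a remote check has to make about a 3xx response from the controller's web server (does the Location header send the browser off-host, including the protocol-relative, backslash and userinfo forms a naive "starts with /" test lets through), and second, whether a reported firmware revision meets the fixed versions in the Solution list above. The page does not name the vulnerable path or parameter, so the responses below are constructed; 192.0.2.10 is a documentation-range placeholder, not a real controller; and the version strings are assumed to be dotted decimals of the form shown in the Solution list.

```python
"""Open-redirect response classification and firmware-remediation check for the
MicroLogix/CompactLogix open redirect advisory (example code, not the plugin's).
Assumptions: the vulnerable URL/parameter is not given on the page, so the
sample responses are constructed; 192.0.2.10 is a placeholder host."""
from typing import Dict, Optional
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def redirect_leaves_host(request_url: str, location: str) -> bool:
    """True if following `location` from `request_url` lands on another host.

    Browser-style normalisation is applied first: backslashes are treated as
    slashes, so "/\\evil.example" becomes the protocol-relative "//evil.example",
    and urlsplit() reports the real hostname, so userinfo such as
    "http://192.0.2.10@evil.example/" does not pass as the controller's host.
    """
    if not location:
        return False
    normalised = location.strip().replace("\\", "/")
    target = urlsplit(urljoin(request_url, normalised))
    origin = urlsplit(request_url)
    # Hostnames only: a redirect to another port on the controller is still the
    # controller, and .hostname is already lowercased for us.
    return (target.hostname or "") != (origin.hostname or "")


def classify_response(request_url: str, status: int, headers: Dict[str, str]) -> str:
    """Classify one HTTP response: 'no-redirect', 'local-redirect' or 'open-redirect'."""
    if status not in REDIRECT_CODES:
        return "no-redirect"
    location = next((v for k, v in headers.items() if k.lower() == "location"), "")
    if not location:
        return "no-redirect"
    return "open-redirect" if redirect_leaves_host(request_url, location) else "local-redirect"


# First fixed firmware per the Solution section, keyed by (product, series).
# MicroLogix 1400 Series A has no fixed firmware listed: disable the web server.
FIXED_FIRMWARE: Dict[tuple, Optional[str]] = {
    ("MicroLogix 1100", None): "15.000",
    ("MicroLogix 1400", "B"): "15.003",
    ("MicroLogix 1400", "A"): None,
    ("CompactLogix 5370", None): "31.011",
}


def _version_tuple(version: str) -> tuple:
    # "15.003" -> (15, 3); assumes dotted-decimal revisions as in the Solution list
    return tuple(int(part) for part in version.split("."))


def firmware_status(product: str, series: Optional[str], version: str) -> str:
    """'fixed', 'vulnerable' or 'no-fix' for the reported firmware revision."""
    key = (product, series)
    if key not in FIXED_FIRMWARE:
        raise ValueError(f"no remediation data for {product} series {series}")
    fixed = FIXED_FIRMWARE[key]
    if fixed is None:
        return "no-fix"
    return "fixed" if _version_tuple(version) >= _version_tuple(fixed) else "vulnerable"


if __name__ == "__main__":
    base = "http://192.0.2.10/"
    # Constructed responses; the real vulnerable request is not documented here.
    samples = [
        (302, {"Location": "/index.htm"}),
        (302, {"Location": "http://192.0.2.10@evil.example/"}),
        (302, {"location": "/\\evil.example/"}),
        (200, {}),
    ]
    for status, hdrs in samples:
        print(status, hdrs, "->", classify_response(base, status, hdrs))
    print("MicroLogix 1400 B at 15.002:", firmware_status("MicroLogix 1400", "B", "15.002"))
```

Only the hostname is compared, so a redirect back to the controller on a different port is reported as local; tighten that to (scheme, host, port) if the deployment never legitimately redirects across ports.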

See Also

http://www.nessus.org/u?2a07bbf0

Plugin Details

Severity: Medium

ID: 125312

File Name: scada_rockwell_multi_products_open_redirect.nbin

Version: 1.7

Type: remote

Family: SCADA

Published: 2019/05/21

Updated: 2020/02/11

Dependencies: 84569, 90600

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2019-10955

CVSS v2.0

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:micrologix:1100

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/04/23

Vulnerability Publication Date: 2019/04/23

Reference Information

CVE: CVE-2019-10955

BID: 108049

ICSA: 19-113-01