Rockwell Automation MicroLogix 1100/1400 and CompactLogix 5370 Controllers Open Redirection Vulnerability

Severity: Medium | Nessus Plugin ID 125312

Synopsis

The MicroLogix 1100/1400 or CompactLogix 5370 controller is affected by an open redirect vulnerability.

Description

The web server of the Rockwell Automation MicroLogix 1100/1400 or CompactLogix 5370 controller is affected by an open redirect vulnerability.
An unauthenticated, remote attacker can exploit this issue, in conjunction with a social engineering attack, to redirect a user to a malicious site that could run or download arbitrary malware on the user's machine.

Solution

Apply MicroLogix 1100 firmware 15.000 or later;
Apply MicroLogix 1400 Series B firmware 15.003 or later;
Apply CompactLogix 5370 firmware 31.011 or later;
Disable the web server on MicroLogix 1400 Series A controllers.

See Also

http://www.nessus.org/u?2a07bbf0

Plugin Details

Severity: Medium

ID: 125312

File Name: scada_rockwell_multi_products_open_redirect.nbin

Version: 1.19

Type: remote

Family: SCADA

Published: 5/21/2019

Updated: 10/19/2021

Dependencies: scada_rockwell_micrologix_1100_plc_web_server_detect.nbin, scada_rockwell_micrologix_1400_plc_web_server_detect.nbin

Risk Information

CVSS Score Source: CVE-2019-10955

VPR

Risk Factor: Low

Score: 3

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:micrologix:1100

Exploit Ease: No known exploits are available

Patch Publication Date: 4/23/2019

Vulnerability Publication Date: 4/23/2019

Reference Information

CVE: CVE-2019-10955

BID: 108049

ICSA: 19-113-01