Open Redirect in Rockwell Automation CompactLogix 5370 L1 Controllers
CVE-2019-10955
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions; Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers…
Vulnerability class: Open Redirect
EPSS: 0.029 (86.7th percentile)
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Rockwell Automation CompactLogix 5370 L1 Controllers — versions v30.014 and earlier
- Rockwell Automation CompactLogix 5370 L2 Controllers — versions v30.014 and earlier
- Rockwell Automation CompactLogix 5370 L3 Controllers — versions v30.014 and earlier
- Rockwell Automation MicroLogix 1100 Controllers — versions v14.00 and earlier
- Rockwell Automation MicroLogix 1400 Controllers — versions Series A, All Versions; Series B, v15.002 and earlier
- Rockwellautomation Compactlogix_5370_l1
- Rockwellautomation Compactlogix_5370_l1_firmware
- Rockwellautomation Compactlogix_5370_l2
- Rockwellautomation Compactlogix_5370_l2_firmware
- Rockwellautomation Compactlogix_5370_l3
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
- ics-cert@hq.dhs.gov (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2019-10955?
- CVE-2019-10955 is a medium-severity vulnerability in Rockwell Automation CompactLogix 5370 L1 Controllers, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.1/10. Published 2019-04-25.
- How severe is CVE-2019-10955?
- Medium severity. CVSS v3 base score is 6.1 out of 10.