MEDIUM🇵🇱 Wersja polska

CVE-2019-10955

CVSS 6.1v3.0pub. 2019-04-25upd. 2026-06-03

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Rockwellautomation Compactlogix 5370 L1

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Compactlogix 5370 L1 Firmware

    OS
    Rockwellautomation
    ≤ 30.014
  • Rockwellautomation Compactlogix 5370 L2

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Compactlogix 5370 L2 Firmware

    OS
    Rockwellautomation
    ≤ 30.014
  • Rockwellautomation Compactlogix 5370 L3

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Compactlogix 5370 L3 Firmware

    OS
    Rockwellautomation
    ≤ 30.014
  • Rockwellautomation Micrologix 1100

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micrologix 1100 Firmware

    OS
    Rockwellautomation
    ≤ 14.00
  • Rockwellautomation Micrologix 1400

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micrologix 1400 A Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micrologix 1400 B Firmware

    OS
    Rockwellautomation
    ≤ 15.002
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2022-1161CRITICAL10.0ten sam produkt

An attacker with the ability to modify a user program may change user program code on some ControlLogix, Compa...

CVE-2020-6990CRITICAL9.8ten sam produkt

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix...

CVE-2019-10952CRITICAL9.8ten sam produkt

An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote...

CVE-2017-14465CRITICAL9.8ten sam produkt

An exploitable access control vulnerability exists in the data, program, and function file permissions functio...

CVE-2017-14463CRITICAL9.8ten sam produkt

An exploitable access control vulnerability exists in the data, program, and function file permissions functio...