CVE-2019-10952
Rockwell Automation CompactLogix 5370 Uncontrolled Resource Consumption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering
CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
Un atacante podría enviar una petición HTTP/HTTPS creada para hacer que el servidor web no esté disponible y/o provocar una ejecución remota de código causada por una vulnerabilidad de desbordamiento de búfer basada en la región stack de memoria. Un reinicio en frío es requerido para recuperar los controladores CompactLogix 5370 L1, L2 y L3, los controladores Compact GuardLogix 5370 y los controladores Armor Compact GuardLogix 5370 versiones 20 a 30.014 y sistemas anteriores.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-04-08 CVE Reserved
- 2019-05-01 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/108118 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01 | Third Party Advisory | |
| https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwellautomation Search vendor "Rockwellautomation" | Compactlogix 5370 L1 Firmware Search vendor "Rockwellautomation" for product "Compactlogix 5370 L1 Firmware" | >= 20.011 <= 30.014 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L1 Firmware" and version " >= 20.011 <= 30.014" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Compactlogix 5370 L1 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L1" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Compactlogix 5370 L2 Firmware Search vendor "Rockwellautomation" for product "Compactlogix 5370 L2 Firmware" | >= 20.011 <= 30.014 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L2 Firmware" and version " >= 20.011 <= 30.014" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Compactlogix 5370 L2 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L2" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Compactlogix 5370 L3 Firmware Search vendor "Rockwellautomation" for product "Compactlogix 5370 L3 Firmware" | >= 20.011 <= 30.014 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L3 Firmware" and version " >= 20.011 <= 30.014" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Compactlogix 5370 L3 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L3" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Armor Compact Guardlogix 5370 Firmware Search vendor "Rockwellautomation" for product "Armor Compact Guardlogix 5370 Firmware" | >= 20.011 <= 30.014 Search vendor "Rockwellautomation" for product "Armor Compact Guardlogix 5370 Firmware" and version " >= 20.011 <= 30.014" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Armor Compact Guardlogix 5370 Search vendor "Rockwellautomation" for product "Armor Compact Guardlogix 5370" | - | - |
Safe
|