CVE-2019-10952
N/A
N/A
Summary
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering
CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rockwell Automation | CompactLogix 5370 L1 controllers | 0 < 20 - 30 | affected |
| Rockwell Automation | CompactLogix 5370 L2 controllers | 0 < 20 - 30 | affected |
| Rockwell Automation | CompactLogix 5370 L3 controllers | 0 < 20 - 30 | affected |
| Rockwell Automation | Compact GuardLogix 5370 controllers | 0 < 20 - 30 | affected |
| Rockwell Automation | Armor Compact GuardLogix 5370 controllers | 0 < 20 - 30 | affected |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
ADP Enrichment
CVE Program Container
Additional References
- https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
- http://www.securityfocus.com/bid/108118
- https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979
References
- https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
- http://www.securityfocus.com/bid/108118
- https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.