Vulnerabilities > CVE-2019-10952 - Unspecified vulnerability in Rockwellautomation products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

rockwellautomation

critical

NVD

Published: 2019-05-01

Updated: 2024-11-21

Summary

An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.

Vulnerable Configurations

Part	Description	Count
OS	Rockwellautomation Rockwellautomation Compactlogix 5370 L1 Firmware 20.011 Rockwellautomation Compactlogix 5370 L1 Firmware 20.012 Rockwellautomation Compactlogix 5370 L1 Firmware 20.013 Rockwellautomation Compactlogix 5370 L1 Firmware 30.014 Rockwellautomation Compactlogix 5370 L2 Firmware 20.011 Rockwellautomation Compactlogix 5370 L2 Firmware 20.012 Rockwellautomation Compactlogix 5370 L2 Firmware 20.013 Rockwellautomation Compactlogix 5370 L2 Firmware 30.014 Rockwellautomation Compactlogix 5370 L3 Firmware 20.011 Rockwellautomation Compactlogix 5370 L3 Firmware 20.012 Rockwellautomation Compactlogix 5370 L3 Firmware 20.013 Rockwellautomation Compactlogix 5370 L3 Firmware 30.014 Rockwellautomation Armor Compact Guardlogix 5370 Firmware 20.011 Rockwellautomation Armor Compact Guardlogix 5370 Firmware 20.012 Rockwellautomation Armor Compact Guardlogix 5370 Firmware 20.013 Rockwellautomation Armor Compact Guardlogix 5370 Firmware 30.014	16
Hardware	Rockwellautomation Rockwellautomation Compactlogix 5370 L1 - Rockwellautomation Compactlogix 5370 L2 - Rockwellautomation Compactlogix 5370 L3 - Rockwellautomation Armor Compact Guardlogix 5370 -	4

Summary

Vulnerable Configurations

References