Vulnerabilities > CVE-2019-10954 - Stack-based Buffer Overflow vulnerability in Rockwellautomation products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

rockwellautomation

CWE-121

NVD

Published: 2019-05-01

Updated: 2023-06-20

Summary

An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.

Vulnerable Configurations

Part	Description	Count
OS	Rockwellautomation Rockwellautomation Compactlogix 5370 L1 Firmware 20.011 Rockwellautomation Compactlogix 5370 L1 Firmware 20.012 Rockwellautomation Compactlogix 5370 L1 Firmware 20.013 Rockwellautomation Compactlogix 5370 L1 Firmware 30.014 Rockwellautomation Compactlogix 5370 L2 Firmware 20.011 Rockwellautomation Compactlogix 5370 L2 Firmware 20.012 Rockwellautomation Compactlogix 5370 L2 Firmware 20.013 Rockwellautomation Compactlogix 5370 L2 Firmware 30.014 Rockwellautomation Compactlogix 5370 L3 Firmware 20.011 Rockwellautomation Compactlogix 5370 L3 Firmware 20.012 Rockwellautomation Compactlogix 5370 L3 Firmware 20.013 Rockwellautomation Compactlogix 5370 L3 Firmware 30.014 Rockwellautomation Compact Guardlogix 5370 Firmware 20.011 Rockwellautomation Compact Guardlogix 5370 Firmware 20.012 Rockwellautomation Compact Guardlogix 5370 Firmware 20.013 Rockwellautomation Compact Guardlogix 5370 Firmware 30.014 Rockwellautomation Armor Compact Guardlogix 5370 Firmware 20.011 Rockwellautomation Armor Compact Guardlogix 5370 Firmware 20.012 Rockwellautomation Armor Compact Guardlogix 5370 Firmware 20.013 Rockwellautomation Armor Compact Guardlogix 5370 Firmware 30.014	20
Hardware	Rockwellautomation Rockwellautomation Compactlogix 5370 L1 - Rockwellautomation Compactlogix 5370 L2 - Rockwellautomation Compactlogix 5370 L3 - Rockwellautomation Compact Guardlogix 5370 - Rockwellautomation Armor Compact Guardlogix 5370 -	5

Common Weakness Enumeration (CWE)

CWE-121 - Stack-based Buffer Overflow

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References