Vulnerabilities > CVE-2019-10954 - Unspecified vulnerability in Rockwellautomation products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
Vulnerable Configurations
References
- http://www.securityfocus.com/bid/108118
- http://www.securityfocus.com/bid/108118
- https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
- https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
- https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979
- https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979