An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier systems.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/108118 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01 | Third Party Advisory US Government Resource |
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979 |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
No history.
Information
Published : 2019-05-01 20:29
Updated : 2024-02-04 20:20
NVD link : CVE-2019-10952
Mitre link : CVE-2019-10952
CVE.ORG link : CVE-2019-10952
JSON object : View
Products Affected
rockwellautomation
- compactlogix_5370_l2
- compactlogix_5370_l3
- compactlogix_5370_l2_firmware
- compactlogix_5370_l1_firmware
- armor_compact_guardlogix_5370
- armor_compact_guardlogix_5370_firmware
- compactlogix_5370_l1
- compactlogix_5370_l3_firmware