fkie_cve-2019-10952
Vulnerability from fkie_nvd
Published
2019-05-01 20:29
Modified
2024-11-21 04:20
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
References
ics-cert@hq.dhs.govhttp://www.securityfocus.com/bid/108118Third Party Advisory, VDB Entry
ics-cert@hq.dhs.govhttps://ics-cert.us-cert.gov/advisories/ICSA-19-120-01Third Party Advisory, US Government Resource
ics-cert@hq.dhs.govhttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/108118Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979
Impacted products
Vendor Product Version
rockwellautomation compactlogix_5370_l1_firmware *
rockwellautomation compactlogix_5370_l1 -
rockwellautomation compactlogix_5370_l2_firmware *
rockwellautomation compactlogix_5370_l2 -
rockwellautomation compactlogix_5370_l3_firmware *
rockwellautomation compactlogix_5370_l3 -
rockwellautomation armor_compact_guardlogix_5370_firmware *
rockwellautomation armor_compact_guardlogix_5370 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "784B3054-96B7-4559-A6E8-FE3F2158BAD8",
              "versionEndIncluding": "30.014",
              "versionStartIncluding": "20.011",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "848B3145-24E4-445B-958A-4C3F84C4546C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F4DA02C-77E5-40A2-99B4-5A9475A2479A",
              "versionEndIncluding": "30.014",
              "versionStartIncluding": "20.011",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65092726-5567-488C-9E32-DC42D34E111D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C54374-E2EA-455E-AEDC-E587306258A5",
              "versionEndIncluding": "30.014",
              "versionStartIncluding": "20.011",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C2F377-6F0D-4752-A4A3-C40604A8575D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:armor_compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10B94862-EBE9-4CBC-80C2-D65131035F34",
              "versionEndIncluding": "30.014",
              "versionStartIncluding": "20.011",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:armor_compact_guardlogix_5370:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FAA30B-C345-4DD4-A686-50989ADF4CC5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\nAn attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering \n\nCompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.\n\n"
    },
    {
      "lang": "es",
      "value": "Un atacante podr\u00eda enviar una petici\u00f3n HTTP/HTTPS creada para hacer que el servidor web no est\u00e9 disponible y/o provocar una ejecuci\u00f3n remota de c\u00f3digo causada por una vulnerabilidad de desbordamiento de b\u00fafer basada en la regi\u00f3n stack de memoria. Un reinicio en fr\u00edo es requerido para recuperar los controladores CompactLogix 5370 L1, L2 y L3, los controladores Compact GuardLogix 5370 y los controladores Armor Compact GuardLogix 5370 versiones 20 a 30.014 y sistemas anteriores."
    }
  ],
  "id": "CVE-2019-10952",
  "lastModified": "2024-11-21T04:20:13.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-01T20:29:00.257",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108118"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.