9.8

CVE-2010-5305

EPSS 1.85%
Veröffentlicht 26.03.2019 18:29:00
Zuletzt bearbeitet 26.06.2025 17:15:28
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Rslogix

Rockwellautomation ≫ Plc5 1785-lx Firmware Version-

Rockwellautomation ≫ Plc5 1785-lx Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.85%	0.824

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://ics-cert.us-cert.gov/advisories/ICSA-10-070-02

Third Party Advisory

US Government Resource

Mitigation

https://www.cisa.gov/news-events/ics-advisories/icsa-10-070-02

http://rockwellautomation.custhelp.com/app/answers/detail/a_id/66684/kw/vulnerability/r_id/115100

https://nvd.nist.gov/vuln/detail/CVE-2010-5305

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-5305

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-5305

EUVD