6.1
CVE-2019-10955
- EPSS 2.99%
- Published 25.04.2019 18:29:00
- Last modified 21.11.2024 04:20:13
- Source ics-cert@hq.dhs.gov
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.
Data provided by the National Vulnerability Database (NVD)
Rockwellautomation ≫ Micrologix 1400 B Firmware Version <= 15.002
Rockwellautomation ≫ Micrologix 1100 Firmware Version <= 14.00
Rockwellautomation ≫ Compactlogix 5370 L1 Firmware Version <= 30.014
Rockwellautomation ≫ Compactlogix 5370 L2 Firmware Version <= 30.014
Rockwellautomation ≫ Compactlogix 5370 L3 Firmware Version <= 30.014
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 2.99% | 0.861 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.