CVE-2019-10952
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
01/05/2019
Last modified:
20/02/2026
Description
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering <br />
<br />
CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:* | 20.011 (including) | 30.014 (including) |
| cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:* | 20.011 (including) | 30.014 (including) |
| cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:* | 20.011 (including) | 30.014 (including) |
| cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:rockwellautomation:armor_compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:* | 20.011 (including) | 30.014 (including) |
| cpe:2.3:h:rockwellautomation:armor_compact_guardlogix_5370:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/108118
- https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
- https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979
- http://www.securityfocus.com/bid/108118
- https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
- https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979