CVE-2019-10954 — HIGH (7.5)

Q: How severe is CVE-2019-10954?

CVE-2019-10954 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-10954?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Compactlogix 5370 L1 Firmware, Rockwellautomation Compactlogix 5370 L1, Rockwellautomation Compactlogix 5370 L2 Firmware, Rockwellautomation Compactlogix 5370 L2, Rockwellautomation Compactlogix 5370 L3 Firmware.

Vulnerability Description

An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rockwellautomation	Compactlogix 5370 L1 Firmware	>= 20.011, <= 30.014
Rockwellautomation	Compactlogix 5370 L1	-
Rockwellautomation	Compactlogix 5370 L2 Firmware	>= 20.011, <= 30.014
Rockwellautomation	Compactlogix 5370 L2	-
Rockwellautomation	Compactlogix 5370 L3 Firmware	>= 20.011, <= 30.014
Rockwellautomation	Compactlogix 5370 L3	-
Rockwellautomation	Compact Guardlogix 5370 Firmware	>= 20.011, <= 30.014
Rockwellautomation	Compact Guardlogix 5370	-
Rockwellautomation	Armor Compact Guardlogix 5370 Firmware	>= 20.011, <= 30.014
Rockwellautomation	Armor Compact Guardlogix 5370	-

Related Weaknesses (CWE)

CWE-121 CWE-787

References

http://www.securityfocus.com/bid/108118Broken Link
https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01Third Party AdvisoryUS Government Resource
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979
http://www.securityfocus.com/bid/108118Broken Link
https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01Third Party AdvisoryUS Government Resource
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979

FAQ

What is CVE-2019-10954?

CVE-2019-10954 is a vulnerability with a CVSS score of 7.5 (HIGH). An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controll...

How severe is CVE-2019-10954?

CVE-2019-10954 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10954?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Compactlogix 5370 L1 Firmware, Rockwellautomation Compactlogix 5370 L1, Rockwellautomation Compactlogix 5370 L2 Firmware, Rockwellautomation Compactlogix 5370 L2, Rockwellautomation Compactlogix 5370 L3 Firmware.