CVE-2019-10952 Information
Feb 14, 2021
cve
Description
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1 L2 and L3 Controllers Compact GuardLogix 5370 controllers and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier systems.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/108118 https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: