CVE-2019-10952

{"id": "CVE-2019-10952", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-05-01T20:29:00.257", "references": [{"url": "http://www.securityfocus.com/bid/108118", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "\n\n\nAn attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering \n\nCompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.\n\n"}, {"lang": "es", "value": "Un atacante podr\u00eda enviar una petici\u00f3n HTTP/HTTPS creada para hacer que el servidor web no est\u00e9 disponible y/o provocar una ejecuci\u00f3n remota de c\u00f3digo causada por una vulnerabilidad de desbordamiento de b\u00fafer basada en la regi\u00f3n stack de memoria. Un reinicio en fr\u00edo es requerido para recuperar los controladores CompactLogix 5370 L1, L2 y L3, los controladores Compact GuardLogix 5370 y los controladores Armor Compact GuardLogix 5370 versiones 20 a 30.014 y sistemas anteriores."}], "lastModified": "2023-06-20T17:15:09.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "784B3054-96B7-4559-A6E8-FE3F2158BAD8", "versionEndIncluding": "30.014", "versionStartIncluding": "20.011"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "848B3145-24E4-445B-958A-4C3F84C4546C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F4DA02C-77E5-40A2-99B4-5A9475A2479A", "versionEndIncluding": "30.014", "versionStartIncluding": "20.011"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65092726-5567-488C-9E32-DC42D34E111D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2C54374-E2EA-455E-AEDC-E587306258A5", "versionEndIncluding": "30.014", "versionStartIncluding": "20.011"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52C2F377-6F0D-4752-A4A3-C40604A8575D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:armor_compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10B94862-EBE9-4CBC-80C2-D65131035F34", "versionEndIncluding": "30.014", "versionStartIncluding": "20.011"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:armor_compact_guardlogix_5370:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "03FAA30B-C345-4DD4-A686-50989ADF4CC5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}