CVE-2010-5305

Опубликовано: 26 мар. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.

Ссылки

http://rockwellautomation.custhelp.com/app/answers/detail/a_id/66684/kw/vulnerability/r_id/115100
https://www.cisa.gov/news-events/ics-advisories/icsa-10-070-02
https://ics-cert.us-cert.gov/advisories/ICSA-10-070-02
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rockwellautomation:rslogix:*:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:rockwellautomation:plc5_1785-lx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:plc5_1785-lx:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:rockwellautomation:slc5\/01_1747-l5x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:slc5\/01_1747-l5x:-:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01854

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-255

CWE-284

Связанные уязвимости

GHSA-qxcv-34v8-5wrh