CVE-2019-10970

Опубликовано: 11 июл. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system.

Ссылки

http://www.securityfocus.com/bid/109105
Third Party Advisory
VDB Entry
https://www.us-cert.gov/ics/advisories/icsa-19-190-02
Mitigation
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/109105
Third Party Advisory
VDB Entry
https://www.us-cert.gov/ics/advisories/icsa-19-190-02
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:rockwellautomation:panelview_5510_firmware:*:*:*:*:*:*:*:*

Версия до 4.003 (исключая)

cpe:2.3:o:rockwellautomation:panelview_5510_firmware:*:*:*:*:*:*:*:*

Версия от 5.000 (включая) до 5.002 (исключая)

cpe:2.3:h:rockwellautomation:panelview_5510:-:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.0004

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-3pr6-q8r5-4wq6

github

больше 3 лет назад