Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers URL Redirection to Untrusted Site (CVE-2019-10955)

medium Tenable OT Security Plugin ID 500281

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user's machine.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Rockwell Automation has released a security advisory with mitigation steps that can be found at:

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1086288 (Login required)

Rockwell Automation recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.
Specifically, users should:

- Update to the latest available firmware revision that addresses the associated risk.
- Use trusted software, software patches, anti-virus/anti-malware programs, and interact only with trusted websites and attachments.
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and devices behind firewalls and isolate them from the business network.
- When remote access is required, use secure methods such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. VPN is only as secure as the connected devices.
- Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.

See Also

https://www.securityfocus.com/bid/108049

https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01

http://www.nessus.org/u?ee4ba456

Plugin Details

Severity: Medium

ID: 500281

Version: 1.9

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2019-10955

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:rockwellautomation:micrologix_1400_b_firmware, cpe:/o:rockwellautomation:compactlogix_5370_l1_firmware, cpe:/o:rockwellautomation:compactlogix_5370_l2_firmware, cpe:/o:rockwellautomation:compactlogix_5370_l3_firmware, cpe:/o:rockwellautomation:micrologix_1100_firmware, cpe:/o:rockwellautomation:micrologix_1400_a_firmware

Required KB Items: Tenable.ot/Rockwell

Exploit Ease: No known exploits are available

Patch Publication Date: 4/25/2019

Vulnerability Publication Date: 4/25/2019

Reference Information

CVE: CVE-2019-10955

CWE: 601

ICSA: 19-113-01