Vulnerability Change Records for CVE-2019-10955

Change History

Initial Analysis 5/02/2019 10:2:29 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:* versions up to (including) 30.014
     OR
          cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:* versions up to (including) 30.014
     OR
          cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:* versions up to (including) 30.014
     OR
          cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:* versions up to (including) 14.00
     OR
          cpe:2.3:h:rockwellautomation:micrologix_1100:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:rockwellautomation:micrologix_1400_a_firmware:*:*:*:*:*:*:*:*
          *cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:* versions up to (including) 15.002
     OR
          cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Added CVSS V2 Metadata

								
							
							
						
Victim must voluntarily interact with attack mechanism
Added CVSS V3

								
							
							
						
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Added CWE

								
							
							
						
CWE-601
Changed Reference Type
https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01 No Types Assigned
https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01 Third Party Advisory, US Government Resource
Changed Reference Type
https://www.securityfocus.com/bid/108049 No Types Assigned
https://www.securityfocus.com/bid/108049 Third Party Advisory, VDB Entry