CVE Vulnerability

CVE-2019-10970

In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.us-cert.gov/ics/advisories/icsa-19-190-02 Mitigation Third Party Advisory
http://www.securityfocus.com/bid/109105 Third Party Advisory VDB Entry
Configurations

Configuration 1
Information

Published : 2019-07-11 08:15

Updated : 2020-10-01 04:43

NVD link : CVE-2019-10970

Mitre link : CVE-2019-10970

Products Affected

Panelview 5510 Firmware

Rockwellautomation

CWE
NVD-CWE-Other