CVE-2019-10954

{"id": "CVE-2019-10954", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-05-01T19:29:00.237", "references": [{"url": "http://www.securityfocus.com/bid/108118", "tags": ["Broken Link"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01", "tags": ["US Government Resource", "Third Party Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.\n\n"}, {"lang": "es", "value": "Un atacante podr\u00eda enviar paquetes SMTP creados para causar una condici\u00f3n de denegaci\u00f3n de servicio en la que el controlador entra en un estado de fallo superior no recuperable (MNRF) en los controladores CompactLogix 5370 L1, L2 y L3, los controladores Compact GuardLogix 5370 y los controladores Armor Compact GuardLogix 5370 de las versiones 20 a 30.014 y anteriores."}], "lastModified": "2023-06-20T15:15:10.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "784B3054-96B7-4559-A6E8-FE3F2158BAD8", "versionEndIncluding": "30.014", "versionStartIncluding": "20.011"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "848B3145-24E4-445B-958A-4C3F84C4546C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F4DA02C-77E5-40A2-99B4-5A9475A2479A", "versionEndIncluding": "30.014", "versionStartIncluding": "20.011"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65092726-5567-488C-9E32-DC42D34E111D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2C54374-E2EA-455E-AEDC-E587306258A5", "versionEndIncluding": "30.014", "versionStartIncluding": "20.011"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52C2F377-6F0D-4752-A4A3-C40604A8575D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C29BC1EB-CF08-443B-991D-7E1C4A12F974", "versionEndIncluding": "30.014", "versionStartIncluding": "20.011"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6F951670-AF4D-4429-8BC1-79BDEF83B2C3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:armor_compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10B94862-EBE9-4CBC-80C2-D65131035F34", "versionEndIncluding": "30.014", "versionStartIncluding": "20.011"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:armor_compact_guardlogix_5370:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "03FAA30B-C345-4DD4-A686-50989ADF4CC5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}