CVE-2019-10970
Last modified
CVE-2019-10970 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system.. EPSS estimates a 4.60% chance of exploitation in the next 30 days.
Description
In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Panelview 5510 Firmware | < 4.003 |
| Rockwellautomation | Panelview 5510 Firmware | >= 5.000, < 5.002 |
References
- http://www.securityfocus.com/bid/109105Third Party Advisory, VDB Entry
- https://www.us-cert.gov/ics/advisories/icsa-19-190-02Mitigation, Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/109105Third Party Advisory, VDB Entry
- https://www.us-cert.gov/ics/advisories/icsa-19-190-02Mitigation, Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-10970?
How severe is CVE-2019-10970?
How do I fix CVE-2019-10970?
Are you affected by CVE-2019-10970?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST