LiveActive security incident?Get immediate response
CVE Record

CVE-2019-10955: In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, Mi...

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.

MediumCVSS 6.1Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This vulnerability lets an attacker use affected Rockwell controller web interfaces as a trusted-looking redirect to a malicious website. It does not directly compromise the controller, but it can help phishing or malware delivery against users who click a crafted link.

Executive priority

Treat as a moderate-priority OT security issue. Prioritize environments where controller web interfaces are reachable beyond trusted engineering networks or where phishing risk to operators is high.

Technical view

CVE-2019-10955 is a CWE-601 open redirect in specified Rockwell MicroLogix and CompactLogix 5370 controllers. It is remotely reachable without authentication, but requires user interaction. CVSS v3.1 is 6.1, with low confidentiality and integrity impact and no availability impact.

Likely exposure

Exposure depends on whether affected controller web interfaces are reachable by users or networks that could receive malicious links. Internet-facing or broadly reachable management interfaces increase business risk.

Exploitation context

The source bundle does not show CISA KEV listing or active exploitation. Plausible abuse is social engineering: a user clicks a crafted controller URL and is redirected to a malicious site that may run or download malware.

Researcher notes

Evidence identifies affected products, versions, CVSS, and open-redirect behavior. The bundle does not provide exploit details, proof of active exploitation, or specific patch versions. Use vendor advisory details before declaring remediation complete.

Mitigation direction

  • Inventory Rockwell controller models and firmware versions listed as affected.
  • Review Rockwell and CISA advisory guidance for available fixes or compensating controls.
  • Limit access to controller web interfaces to trusted management networks.
  • Train operators to avoid unexpected controller links in email or messages.

Validation and detection

  • Confirm whether affected models and firmware versions exist in the environment.
  • Check whether controller web interfaces are reachable from untrusted networks.
  • Review security tools for suspicious links referencing controller web interfaces.
  • Document remediation status against the CISA/Rockwell advisory.
Prepared
Confidence
high
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · medium confidence lookup

CWE-601: User-session and phishing behavior lookup

Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2019-10955 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
6.1 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
3Timeline events
2ADP providers
3Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
6.1CVSS 3.1MediumCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N2.82.7CISA-ADP

Vulnerability scoring details

Base CVSS 3.1 score

6.1Medium
CVSS 3.1 vector shape for CVE-2019-10955Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
cvssV3_1other:ssvc

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
Rockwell AutomationMicroLogix 1400 ControllersSeries A, All Versions Series B, v15.002 and earlierListed
Rockwell AutomationMicroLogix 1100 Controllersv14.00 and earlierListed
Rockwell AutomationCompactLogix 5370 L1 controllersv30.014 and earlierListed
Rockwell AutomationCompactLogix 5370 L2 controllersv30.014 and earlierListed
Rockwell AutomationCompactLogix 5370 L3 controllersv30.014 and earlierListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-601 · source CWE mapping

URL Redirection to Untrusted Site ('Open Redirect')

URL Redirection to Untrusted Site ('Open Redirect') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.