CVE-2019-10955: In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, Mi...
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.
Security readout for executives and security teams
Plain-English summary
This vulnerability lets an attacker use affected Rockwell controller web interfaces as a trusted-looking redirect to a malicious website. It does not directly compromise the controller, but it can help phishing or malware delivery against users who click a crafted link.
Executive priority
Treat as a moderate-priority OT security issue. Prioritize environments where controller web interfaces are reachable beyond trusted engineering networks or where phishing risk to operators is high.
Technical view
CVE-2019-10955 is a CWE-601 open redirect in specified Rockwell MicroLogix and CompactLogix 5370 controllers. It is remotely reachable without authentication, but requires user interaction. CVSS v3.1 is 6.1, with low confidentiality and integrity impact and no availability impact.
Likely exposure
Exposure depends on whether affected controller web interfaces are reachable by users or networks that could receive malicious links. Internet-facing or broadly reachable management interfaces increase business risk.
Exploitation context
The source bundle does not show CISA KEV listing or active exploitation. Plausible abuse is social engineering: a user clicks a crafted controller URL and is redirected to a malicious site that may run or download malware.
Researcher notes
Evidence identifies affected products, versions, CVSS, and open-redirect behavior. The bundle does not provide exploit details, proof of active exploitation, or specific patch versions. Use vendor advisory details before declaring remediation complete.
Mitigation direction
Inventory Rockwell controller models and firmware versions listed as affected.
Review Rockwell and CISA advisory guidance for available fixes or compensating controls.
Limit access to controller web interfaces to trusted management networks.
Train operators to avoid unexpected controller links in email or messages.
Validation and detection
Confirm whether affected models and firmware versions exist in the environment.
Check whether controller web interfaces are reachable from untrusted networks.
Review security tools for suspicious links referencing controller web interfaces.
Document remediation status against the CISA/Rockwell advisory.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-601: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-601 · source CWE mapping
URL Redirection to Untrusted Site ('Open Redirect')
URL Redirection to Untrusted Site ('Open Redirect') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.