PT-2019-12099 · Rockwell Automation · Armor Compact Guardlogix 5370 +2

George Lashenko +1 · Published 2019-05-01 · Updated 2026-02-20 · CVE-2019-10952

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers versions 20 through 30 and earlier.

Description

A stack-based buffer overflow vulnerability allows an attacker to send a crafted HTTP/HTTPS request that renders the web server unavailable and/or leads to remote code execution. A cold restart is required to recover.

Recommendations

For versions 20 through 30 and earlier, a cold restart is required to recover from the issue. As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Resource Exhaustion

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2019-10952

Affected Products

Armor Compact Guardlogix 5370
Compact Guardlogix 5370
Compactlogix 5370