CVE-2019-10954

Name of the Vulnerable Software and Affected Versions CompactLogix 5370 L1, L2, and L3 Controllers versions 20 through 30 Compact GuardLogix 5370 controllers versions 20 through 30 Armor Compact GuardLogix 5370 Controllers versions 20 through 30

Description An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state. This issue affects CompactLogix 5370 and Compact GuardLogix 5370 controllers.

Recommendations For versions 20 through 30 of CompactLogix 5370 L1, L2, and L3 Controllers, consider disabling the SMTP functionality until a patch is available. For versions 20 through 30 of Compact GuardLogix 5370 controllers, restrict access to the SMTP service to minimize the risk of exploitation. For versions 20 through 30 of Armor Compact GuardLogix 5370 Controllers, avoid using the affected controllers in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.