PT-2019-4257 · Rockwell Automation · Compactlogix 5370 L2+4

Published 2019-04-25 · Updated 2020-02-10 · CVE-2019-10955

CVE-2019-10955

CVSS v2.0: 6.4 Medium
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

MicroLogix 1400 versions A through B
MicroLogix 1100 versions prior to v14.00
CompactLogix 5370 L1 versions prior to v30.014
CompactLogix 5370 L2 versions prior to v30.014
CompactLogix 5370 L3 versions prior to v30.014

Description

An open redirect vulnerability could allow a remote unauthenticated attacker to supply a malicious link that redirects users to a malicious site, potentially running or downloading arbitrary malware on the user's machine. The redirect to the non-trusted site is triggered by a specially crafted URL.

Recommendations

For MicroLogix 1400 versions A through B, update to a version later than Series B.
For MicroLogix 1100 versions prior to v14.00, update to a version later than v14.00.
For CompactLogix 5370 L1 versions prior to v30.014, update to a version later than v30.014.
For CompactLogix 5370 L2 versions prior to v30.014, update to a version later than v30.014.
For CompactLogix 5370 L3 versions prior to v30.014, update to a version later than v30.014.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

BDU:2019-04858
CVE-2019-10955

Affected Products

Compactlogix 5370 L1
Compactlogix 5370 L2
Compactlogix 5370 L3
Micrologix 1100
Micrologix 1400