Details of VAR-201903-0002

ID

VAR-201903-0002

CVE

CVE-2010-5305

TITLE

plural Rockwell Controller access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-005715

DESCRIPTION

The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services. plural Rockwell The controller contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Rockwell Automation PLC-5 is a programmable logic controller produced by Rockwell Automation in the United States. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 1.71

sources: NVD: CVE-2010-5305 // JVNDB: JVNDB-2010-005715 // VULHUB: VHN-47910

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	plc5 1785-lx	scope:	eq	version:	-	Trust: 1.0
vendor:	rockwellautomation	model:	rslogix	scope:	eq	version:	*	Trust: 1.0
vendor:	rockwellautomation	model:	slc5\/01 1747-l5x	scope:	eq	version:	-	Trust: 1.0
vendor:	rockwell automation	model:	plc5	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	rslogix	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	slc5/0x	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2010-005715 // NVD: CVE-2010-5305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-5305
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2010-5305
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201903-990
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-47910
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-5305
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-47910
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2010-5305
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-47910 // JVNDB: JVNDB-2010-005715 // CNNVD: CNNVD-201903-990 // NVD: CVE-2010-5305

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.9
problemtype:	CWE-255	Trust: 1.0

sources: VULHUB: VHN-47910 // JVNDB: JVNDB-2010-005715 // NVD: CVE-2010-5305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-990

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201903-990

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-005715

PATCH

title:	Top Page	url:	http://www.rockwellautomation.com/	Trust: 0.8
title:	Rockwell PLC-5 and SLC 5/0x Repair measures for controller security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90434	Trust: 0.6

sources: JVNDB: JVNDB-2010-005715 // CNNVD: CNNVD-201903-990

EXTERNAL IDS

db:	NVD	id:	CVE-2010-5305	Trust: 2.5
db:	ICS CERT	id:	ICSA-10-070-02	Trust: 2.5
db:	JVNDB	id:	JVNDB-2010-005715	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-990	Trust: 0.7
db:	VULHUB	id:	VHN-47910	Trust: 0.1

sources: VULHUB: VHN-47910 // JVNDB: JVNDB-2010-005715 // CNNVD: CNNVD-201903-990 // NVD: CVE-2010-5305

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-10-070-02	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2010-5305	Trust: 1.4
url:	http://rockwellautomation.custhelp.com/app/answers/detail/a_id/66684/kw/vulnerability/r_id/115100	Trust: 1.0
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-10-070-02	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5305	Trust: 0.8

sources: VULHUB: VHN-47910 // JVNDB: JVNDB-2010-005715 // CNNVD: CNNVD-201903-990 // NVD: CVE-2010-5305

SOURCES

db:	VULHUB	id:	VHN-47910
db:	JVNDB	id:	JVNDB-2010-005715
db:	CNNVD	id:	CNNVD-201903-990
db:	NVD	id:	CVE-2010-5305

LAST UPDATE DATE

2025-06-27T23:18:48.353000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-47910	date:	2020-02-10T00:00:00
db:	JVNDB	id:	JVNDB-2010-005715	date:	2019-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-990	date:	2020-02-13T00:00:00
db:	NVD	id:	CVE-2010-5305	date:	2025-06-26T17:15:28.510

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-47910	date:	2019-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2010-005715	date:	2019-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-990	date:	2019-03-26T00:00:00
db:	NVD	id:	CVE-2010-5305	date:	2019-03-26T18:29:00.263