ID

VAR-201907-1441


CVE

CVE-2019-10970


TITLE

Rockwell Automation PanelView 5510 access control error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-38700 // CNNVD: CNNVD-201907-526

DESCRIPTION

In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot up the terminal and gain root-level access to the device’s file system. Rockwell Automation PanelView 5510 contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Rockwell Automation PanelView 5510 is a graphical terminal device of Rockwell Automation. An access control error vulnerability exists in PanelView 5510 (produced before 2019-3-13). The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. No detailed vulnerability information is currently provided. An attacker can exploit this issue to gain elevated privileges to root and perform unauthorized actions.

Trust: 2.43

sources: NVD: CVE-2019-10970 // JVNDB: JVNDB-2019-006587 // CNVD: CNVD-2020-38700 // BID: 109105

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-38700

AFFECTED PRODUCTS

vendor: rockwellautomation, model: panelview 5510, scope: lt, version: 4.003

Trust: 1.0

vendor: rockwellautomation, model: panelview 5510, scope: gte, version: 5.000

Trust: 1.0

vendor: rockwellautomation, model: panelview 5510, scope: lt, version: 5.002

Trust: 1.0

vendor: rockwell automation, model: panelview 5510, scope: -, version: -

Trust: 0.8

vendor: rockwell, model: automation panelview, scope: eq, version: 5510

Trust: 0.6

vendor: rockwell, model: automation panelview, scope: eq, version: 55105.000

Trust: 0.3

vendor: rockwell, model: automation panelview, scope: eq, version: 55104.000

Trust: 0.3

vendor: rockwell, model: automation panelview, scope: ne, version: 55105.002

Trust: 0.3

vendor: rockwell, model: automation panelview, scope: ne, version: 55104.003

Trust: 0.3

sources: CNVD: CNVD-2020-38700 // BID: 109105 // JVNDB: JVNDB-2019-006587 // NVD: CVE-2019-10970

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10970
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-10970
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-38700
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-526
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-10970
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-38700
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10970
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10970
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-38700 // JVNDB: JVNDB-2019-006587 // CNNVD: CNNVD-201907-526 // NVD: CVE-2019-10970

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.8

problemtype:NVD-CWE-Other

Trust: 1.0

sources: JVNDB: JVNDB-2019-006587 // NVD: CVE-2019-10970

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-526

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201907-526

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006587

PATCH

title: Top Page, url: https://www.rockwellautomation.com/en_NA/overview.page

Trust: 0.8

title: Patch for Rockwell Automation PanelView 5510 access control error vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/225427

Trust: 0.6

title: Rockwell Automation PanelView 5510 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94658

Trust: 0.6

sources: CNVD: CNVD-2020-38700 // JVNDB: JVNDB-2019-006587 // CNNVD: CNNVD-201907-526

EXTERNAL IDS

db: NVD, id: CVE-2019-10970

Trust: 3.3

db: ICS CERT, id: ICSA-19-190-02

Trust: 2.7

db: BID, id: 109105

Trust: 1.9

db: JVNDB, id: JVNDB-2019-006587

Trust: 0.8

db: CNVD, id: CNVD-2020-38700

Trust: 0.6

db: AUSCERT, id: ESB-2019.2522

Trust: 0.6

db: CNNVD, id: CNNVD-201907-526

Trust: 0.6

sources: CNVD: CNVD-2020-38700 // BID: 109105 // JVNDB: JVNDB-2019-006587 // CNNVD: CNNVD-201907-526 // NVD: CVE-2019-10970

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-190-02

Trust: 2.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-10970

Trust: 2.0

url:http://www.securityfocus.com/bid/109105

Trust: 1.6

url:http://www.rockwellautomation.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10970

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2522/

Trust: 0.6

sources: CNVD: CNVD-2020-38700 // BID: 109105 // JVNDB: JVNDB-2019-006587 // CNNVD: CNNVD-201907-526 // NVD: CVE-2019-10970

CREDITS

Rockwell Automation

Trust: 0.9

sources: BID: 109105 // CNNVD: CNNVD-201907-526

SOURCES

db: CNVD, id: CNVD-2020-38700
db: BID, id: 109105
db: JVNDB, id: JVNDB-2019-006587
db: CNNVD, id: CNNVD-201907-526
db: NVD, id: CVE-2019-10970

LAST UPDATE DATE

2024-11-23T22:33:49.055000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-38700, date: 2020-07-14T00:00:00
db: BID, id: 109105, date: 2019-07-09T00:00:00
db: JVNDB, id: JVNDB-2019-006587, date: 2019-07-24T00:00:00
db: CNNVD, id: CNNVD-201907-526, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-10970, date: 2024-11-21T04:20:16.130

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-38700, date: 2020-07-14T00:00:00
db: BID, id: 109105, date: 2019-07-09T00:00:00
db: JVNDB, id: JVNDB-2019-006587, date: 2019-07-24T00:00:00
db: CNNVD, id: CNNVD-201907-526, date: 2019-07-09T00:00:00
db: NVD, id: CVE-2019-10970, date: 2019-07-11T20:15:12.427