CVE-2010-5305 Vulnerability Details

  /     /     /  

CVE-2010-5305 Metadata Quick Info

CVE Published: 26/03/2019 | CVE Updated: 07/08/2024 | CVE Year: 2010
Source: icscert | Vendor: Rockwell Automation | Product: PLC5
Status : PUBLISHED

---

CVE-2010-5305 Description

The potential exists for exposure of the product\'s password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation\'s FactoryTalk Security services.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-255
CWE Name: Credentials management CWE-255
Source: Rockwell Automation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).