CVE-2019-10955 in MicroLogix 1100
Summary
by MITRE
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.
Analysis
by VulDB Data Team • 06/03/2026
The vulnerability identified as CVE-2019-10955 represents a critical open redirect flaw affecting multiple Rockwell Automation industrial control systems including MicroLogix 1400 and 1100 series controllers as well as CompactLogix 5370 series devices. This vulnerability exists in firmware versions up to and including v15.002 for MicroLogix 1400 Series A, v14.00 for MicroLogix 1100 controllers, and v30.014 for CompactLogix 5370 series controllers. The flaw stems from insufficient validation of redirect URLs within the web-based configuration interfaces of these industrial devices, creating a pathway for malicious actors to exploit the authentication mechanism and manipulate user navigation.
An unauthenticated remote attacker can craft a URL containing a redirect parameter that the affected controllers' web servers will process. When a user clicks such a link, the controller's web interface redirects the user to the attacker-controlled destination without validating it. This behavior violates fundamental security principles of input sanitization and access control, creating an attack surface that can be leveraged for social engineering campaigns or direct malware delivery. The vulnerability maps directly to CWE-601 (URL Redirection to Untrusted Site, "Open Redirect"), which covers insecure redirection mechanisms that can be exploited to direct users to malicious websites.
The operational impact of this vulnerability extends beyond simple web interface manipulation and presents significant risks to industrial control system security. In industrial environments, these controllers often serve as entry points for network access and configuration management, making them attractive targets for attackers seeking to establish persistent access or deploy malware within critical infrastructure networks. The open redirect can be used to deliver phishing payloads or malware that targets the industrial control environment, potentially compromising the integrity of control systems and operational technology networks. This vulnerability aligns with ATT&CK technique T1190 for Exploit Public-Facing Application and T1071.004 for Application Layer Protocol: DNS, as attackers can leverage the vulnerability to redirect users to malicious domains that can be used for further exploitation or reconnaissance activities.
Organizations operating affected Rockwell Automation controllers should immediately implement network segmentation to isolate these devices from general network access and restrict web-based management interfaces to trusted administrative networks only. The most effective mitigations involve applying firmware updates from Rockwell Automation that address the redirect validation vulnerability, implementing network access controls to prevent unauthorized access to web interfaces, and deploying web application firewalls or intrusion prevention systems that can detect and block malicious redirect attempts. Additionally, administrators should conduct thorough network monitoring to detect anomalous traffic patterns that might indicate exploitation attempts, and establish incident response procedures specifically addressing potential social engineering attacks that could leverage this vulnerability to compromise operational technology environments.
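The monitoring step above can be sketched as a check over web proxy records for controller traffic. This is an added example, not Rockwell Automation or VulDB code: the controller addresses, paths, the parameter name and the record layout are assumptions, and the sample records are constructed.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed inventory of controller web-interface addresses (documentation range).
CONTROLLERS = {"192.0.2.10", "192.0.2.11"}

# Constructed proxy records, not real traffic. Paths and parameter names are
# placeholders; the advisory does not name the vulnerable parameter.
SAMPLE = [
    {"url": "http://192.0.2.10/index.html?redirect=http%3A%2F%2Funtrusted.example%2Fupdate",
     "status": 302, "location": "http://untrusted.example/update"},
    {"url": "http://192.0.2.10/index.html?redirect=%2Fhome.htm",
     "status": 302, "location": "/home.htm"},
    {"url": "http://192.0.2.11/index.html?redirect=%2F%2Fdownloads.example%2Ffw",
     "status": 200, "location": ""},
    {"url": "http://198.51.100.7/?next=http://other.example/",
     "status": 302, "location": "http://other.example/"},
]

def external_host(value, origin_host):
    """Return the host a redirect value points to if it leaves origin_host, else None."""
    v = unquote(value).strip().replace("\\", "/")  # undo double encoding, normalise backslashes
    if v.startswith("//"):                          # scheme-relative URL
        v = "http:" + v
    parts = urlsplit(v)
    if parts.scheme in ("http", "https") and parts.hostname and parts.hostname != origin_host:
        return parts.hostname
    return None

def findings(records):
    """Flag controller traffic whose redirect target or parameter leaves the device."""
    out = []
    for rec in records:
        req = urlsplit(rec["url"])
        if req.hostname not in CONTROLLERS:
            continue
        host = None
        if 300 <= rec["status"] < 400:  # response side: 3xx with an off-device Location
            host = external_host(rec.get("location", ""), req.hostname)
            kind = "redirect-response"
        if host is None:                # request side: a parameter carrying an off-device URL
            kind = "url-in-parameter"
            for _, value in parse_qsl(req.query, keep_blank_values=True):
                host = external_host(value, req.hostname)
                if host:
                    break
        if host:
            out.append((req.hostname, kind, host))
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```

The request-side check also catches links that were blocked or never followed, which is useful when the proxy does not log response headers.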