
PN1616 | CVE-2019-5096 and CVE 2019-5097 Vulnerabilities Impact Multiple Products

Severity: Critical, High
Advisory ID: PN1616
Published: January 27, 2023
Last Updated: September 08, 2025
Revision Number: 1.0
Known Exploited Vulnerability (KEV): No
Corrected: No
Workaround: No
CVE IDs: CVE-2019-5097, CVE-2019-5096
Summary
CVE-2019-5096 and CVE-2019-5097 Vulnerabilities Impact Multiple Products


Version
1.1
Revision History
Version 1.0 – January 27, 2023
Version 1.1 – September 8, 2025

Executive Summary

Rockwell Automation is aware of multiple products that use the GoAhead web server application and are affected by CVE-2019-5096 and CVE-2019-5097. These security issues could potentially have a high impact on the confidentiality, integrity and availability of the vulnerable devices. We have not received any notice of these security issues being used in Rockwell Automation products.

Customers using the affected products should apply the mitigations provided below. Additional details relating to the discovered security issues, including impact and recommended countermeasures, are below.

Affected Products

CVE-2019-5096 and CVE-2019-5097

Catalog Number                  Firmware Version
1732E-8CFGM8R/A                 1.012
1732E-IF4M12R/A (discontinued)  1.012
1732E-IR4IM12R/A                1.012
1732E-IT4IM12R/A                1.012
1732E-OF4M12R/A                 1.012
1732E-OB8M8SR/A                 1.013
1732E-IB8M8SOER                 1.012
1732E-8IOLM12R                  2.011
1747-AENTR                      2.002
1769-AENTR                      1.001
5069-AEN2TR                     3.011
1756-EN2TR/C                    <=11.001
1756-EN2T/D                     <=11.001
1756-EN2TSC/B (discontinued)    10.01
1756-EN2TSC/B                   10.01
1756-HIST1G/A (discontinued)    <=3.054
1756-HIST2G/A (discontinued)    <=3.054
1756-HIST2G/B                   <=5.103

CVE-2019-5097

Catalog Number                       Firmware Version
ControlLogix® 5580 controllers       V28 – V32*
GuardLogix® 5580 controllers         V31 – V32*
CompactLogix™ 5380 controllers       V28 – V32*
Compact GuardLogix 5380 controllers  V31 – V32*
CompactLogix 5480 controllers        V32*
1756-EN2T/D                          11.001*
1756-EN2TR/C                         11.001*
1756-EN3TR/B                         11.001*
1756-EN2F/C                          11.001*
1756-EN2TP/A                         11.001*

* The security issue is only usable via the Ethernet port. It is not usable via backplane or USB communications.

Security Issue Details

Rockwell Automation was made aware of two third-party security issues that affect the GoAhead embedded web server. A critical security issue (CVE-2019-5096) exists in the way requests are processed by the web server. A threat actor could use this to execute arbitrary code by sending specially crafted HTTP requests to the targeted device.

Additionally, a denial-of-service (DoS) vulnerability (CVE-2019-5097) exists in the GoAhead web server. To use this security issue, a threat actor would have to send specially crafted HTTP requests. These trigger an infinite loop in the web server process, after which the targeted device could crash.

CVE-2019-5096 – EmbedThis GoAhead web server code execution vulnerability
CVSS Base Score: 9.8/10 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2019-5097 – EmbedThis GoAhead web server denial-of-service vulnerability
CVSS Base Score: 7.5/10 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Risk Mitigation & User Action

Customers should apply the mitigations below.

Product                              Suggested Actions
1732E-8CFGM8R/A                      Refer to Additional Mitigations
1732E-IF4M12R/A                      Refer to Additional Mitigations
1732E-IR4IM12R/A                     Refer to Additional Mitigations
1732E-IT4IM12R/A                     Refer to Additional Mitigations
1732E-OF4M12R/A                      Refer to Additional Mitigations
1732E-OB8M8SR/A                      Refer to Additional Mitigations
1732E-IB8M8SOER                      Refer to Additional Mitigations
1732E-8IOLM12R                       Refer to Additional Mitigations
1747-AENTR                           Refer to Additional Mitigations
1769-AENTR                           Update to 1.003 or later
5069-AEN2TR (discontinued)           Migrate to the 5069-AENTR
1756-EN2T/D                          Update to 11.002 or later
1756-EN2TR/C                         Update to 11.002 or later
1756-EN3TR/B                         Update to 11.002 or later
1756-EN2F/C                          Update to 11.002 or later
1756-EN2TP/A                         Update to 11.002 or later
1756-EN2TSC/B                        Refer to Additional Mitigations
1756-HIST1G/A (discontinued)         Update to series B v5.104 or C 7.100 or later
1756-HIST2G/A (discontinued)         Update to series B v5.104 or C 7.100 or later
1756-HIST2G/B                        Update to 5.104 or later
ControlLogix 5580 controllers        Update to V32.016 or later
GuardLogix 5580 controllers          Update to V32.016 or later
CompactLogix 5380 controllers        Update to V32.016 or later
Compact GuardLogix 5380 controllers  Update to V32.016 or later
CompactLogix 5480 controllers        Update to V32.016 or later
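As an added example (not code from the advisory or from Rockwell Automation), the following Python checks a constructed asset inventory against a subset of the affected-version rules and suggested actions listed above and reports which assets still need action. The inventory rows, the rule encoding and the function names are assumptions; the "range" rule treats the fixed release from the mitigation table as the first unaffected version.

```python
import re

# Affected-version rules and suggested actions transcribed from the PN1616
# tables above. Rule kinds: ("eq", v) exactly v; ("le", v) v or older;
# ("range", lo, fixed) lo or newer but older than the fixed release.
ADVISORY = {
    "1769-AENTR":        (("eq", "1.001"), "Update to 1.003 or later"),
    "1732E-8IOLM12R":    (("eq", "2.011"), "Refer to Additional Mitigations"),
    "1756-EN2T/D":       (("le", "11.001"), "Update to 11.002 or later"),
    "1756-EN2TR/C":      (("le", "11.001"), "Update to 11.002 or later"),
    "1756-HIST2G/B":     (("le", "5.103"), "Update to 5.104 or later"),
    "ControlLogix 5580": (("range", "V28", "V32.016"), "Update to V32.016 or later"),
    "GuardLogix 5580":   (("range", "V31", "V32.016"), "Update to V32.016 or later"),
}

def parse_version(text):
    """'11.001', 'V32.016' or '<=5.103' -> tuple of ints, e.g. (32, 16)."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def is_affected(rule, firmware):
    """Apply one advisory rule to an installed firmware string."""
    kind, *bounds = rule
    fw = parse_version(firmware)
    if kind == "eq":
        return fw == parse_version(bounds[0])
    if kind == "le":
        return fw <= parse_version(bounds[0])
    lo, fixed = bounds  # "range": the fixed release itself is not affected
    return parse_version(lo) <= fw < parse_version(fixed)

def assess(inventory):
    """Return (asset, catalog, firmware, suggested action) for each affected asset."""
    findings = []
    for asset, catalog, firmware in inventory:
        if catalog in ADVISORY:
            rule, action = ADVISORY[catalog]
            if is_affected(rule, firmware):
                findings.append((asset, catalog, firmware, action))
    return findings

# Constructed inventory rows (asset name, catalog number, installed firmware).
INVENTORY = [
    ("plc-line1", "ControlLogix 5580", "V32.011"),
    ("plc-line2", "ControlLogix 5580", "V32.016"),
    ("enbt-rack3", "1756-EN2T/D", "10.007"),
    ("enbt-rack4", "1756-EN2T/D", "11.002"),
    ("hist-a", "1756-HIST2G/B", "5.104"),
    ("io-cell7", "1769-AENTR", "1.001"),
]
```

Calling assess(INVENTORY) on the constructed rows flags plc-line1, enbt-rack3 and io-cell7 with their suggested actions; the remaining assets are already at or past the fixed release.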

Additional Mitigations

If updating firmware is not possible or an update is unavailable, customers should apply the following mitigations to help minimize risk.
  • Disable the web server, if possible. Review the product user manual for instructions, which can be found in the Rockwell Automation Literature Library.
    • For 1732E, upgrade to the latest firmware to disable the web server.
  • Configure firewalls to not allow network communication through HTTP/Port 80.
Please see our Knowledgebase article, QA43240 - Recommended Security Guidelines from Rockwell Automation, for more recommendations about maintaining your environment.

References

  • NVD - CVE-2019-5096 (nist.gov)
  • NVD - CVE-2019-5097 (nist.gov)

Glossary

Denial-of-Service: a malicious attempt to overwhelm a web property with traffic in order to disrupt its normal operations.

HTTP (Hypertext Transfer Protocol) Requests: primarily used to fetch resources such as HTML documents, images, videos, and scripts. When a user requests a web page, the browser sends an HTTP request to the server, which then responds with the requested resource.

Copyright ©2022 Rockwell Automation, Inc.