Severity:
Critical,
High
Advisory ID:
PN1616
发布日期:
January 27, 2023
上次更新时间:
September 08, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
否
Corrected:
否
Workaround:
否
CVE IDs
CVE-2019-5097,
CVE-2019-5096
摘要
CVE-2019-5096 and CVE 2019-5097 Vulnerabilities Impact Multiple Products
Version
1.1
Revision History
Version 1.0 – January 27, 2023
Version 1.1 - September 8, 2025
Executive Summary
Rockwell Automation is aware of multiple products that use the GoAhead web server application that are affected by CVE 2019-5096 and CVE 2019-5097. These security issues could potentially have a high impact on the confidentiality, integrity and availability of the vulnerable devices. We have not received any notice of these security issues being usedin Rockwell Automation products.
Customers using the affected products should use the mitigations provided below. Additional details relating to the discovered scurity issues, including impact and recommended countermeasures are below.
Customers using the affected products should use the mitigations provided below. Additional details relating to the discovered scurity issues, including impact and recommended countermeasures are below.
Affected Products
CVE -2019-5096 and CVE 2019-5097
| Catalog Number | Firmware Version |
| 1732E-8CFGM8R/A | 1.012 |
| 1732E-IF4M12R/A (discontinued) | 1.012 |
| 1732E-IR4IM12R/A | 1.012 |
| 1732E-IT4IM12R/A | 1.012 |
| 1732E-OF4M12R/A | 1.012 |
| 1732E-OB8M8SR/A | 1.013 |
| 1732E-IB8M8SOER | 1.012 |
| 1732E-8IOLM12R | 2.011 |
| 1747-AENTR | 2.002 |
| 1769-AENTR | 1.001 |
| 5069-AEN2TR | 3.011 |
| 1756-EN2TR/C | <=11.001 |
| 1756-EN2T/D | <=11.001 |
| 1756-EN2TSC/B (discontinued) | 10.01 |
| 1756-EN2TSC/B | 10.01 |
| 1756-HIST1G/A (discontinued) | <=3.054 |
| 1756-HIST2G/A(discontinued) | <=3.054 |
| 1756-HIST2G/B | <=5.103 |
CVE 2019 -5097
| Catalog Number | Firmware Version |
| ControlLogix® 5580 controllers | V28 – V32* |
| GuardLogix® 5580 controllers | V31 – V32* |
| CompactLogix™ 5380 controllers | V28 – V32* |
| Compact GuardLogix 5380 controllers | V31 – V32* |
| CompactLogix 5480 controllers | V32* |
| 1756-EN2T/D | 11.001* |
| 1756-EN2TR/C | 11.001* |
| 1765–EN3TR/B | 11.001* |
| 1756-EN2F/C | 11.001* |
| 1756-EN2TP/A | 11.001* |
* The security issue is only usable via the Ethernet port. It is not useable via backplane or USB communications.
Security Issue Details
Rockwell Automation was made aware of two third-party security issues that affect the GoAhead embedded web server. A critical security issue (CVE-2019-5096) exists in the way requests are processed by the web server. A threat actor could use this to execute arbitrary code by sending specially crafted HTTP requests to the targeted device.
Additionally, a denial-of-service (DoS) vulnerability (CVE-2019 5097) exists in the GoAhead web server. To use this security issue, a threat actor would have to send specially crafted HTTP requests. This would trigger an infinite loop in the process and the targeted device could then crash.
CVE 2019-5096 EmbedThis GoAhead web server code execution vulnerability
CVE 2019-5097 EmbedThis GoAhead web server denial-of-service vulnerability
Additionally, a denial-of-service (DoS) vulnerability (CVE-2019 5097) exists in the GoAhead web server. To use this security issue, a threat actor would have to send specially crafted HTTP requests. This would trigger an infinite loop in the process and the targeted device could then crash.
CVE 2019-5096 EmbedThis GoAhead web server code execution vulnerability
CVSS Base Score: 9.8/10 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVE 2019-5097 EmbedThis GoAhead web server denial-of-service vulnerability
CVSS Base Score: 7.5/10 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HRisk Mitigation & User Action
Customers should use the below mitigations.
| Product | Suggested Actions |
| 1732E-8CFGM8R/A | Refer to Additional Mitigations |
| 1732E-IF4M12R/A | Refer to Additional Mitigations |
| 1732E-IR4IM12R/A | Refer to Additional Mitigations |
| 1732E-IT4IM12R/A | Refer to Additional Mitigations |
| 1732E-OF4M12R/A | Refer to Additional Mitigations |
| 1732E-OB8M8SR/A | Refer to Additional Mitigations |
| 1732E-IB8M8SOER | Refer to Additional Mitigations |
| 1732E-8IOLM12R | Refer to Additional Mitigations |
| 1747-AENTR | Refer to Additional Mitigations |
| 1769-AENTR | Update to 1.003 or later |
| 5069-AEN2TR (discontinued) | Migrate to the 5069-AENTR |
| 1756-EN2T/D | Update to 11.002 or later |
| 1756-EN2TR/C | Update to 11.002 or later |
| 1756-EN3TR/B | Update to 11.002 or later |
| 1756-EN2F/C | Update to 11.002 or later |
| 1756-EN2TP/A | Update to 11.002 or later |
| 1756-EN2TSC/B | Refer to Additional Mitigations |
| 1756-HIST1G/A (discontinued) | Update to series B v5.104 or C 7.100 or later |
| 1756-HIST2G/A (discontinued) | Update to series B v5.104 or C 7.100 or later |
| 1756-HIST2G/B | Update to 5.104 or later |
| 1756-EN2F/C | Update to 11.002 or later |
| ControlLogix 5580 controllers | Update to V32.016 or later |
| GuardLogix 5580 controllers | Update to V32.016 or later |
| CompactLogix 5380 controllers | Update to V32.016 or later |
| Compact GuardLogix 5380 controllers | Update to V32.016 or later |
| CompactLogix 5480 | Update to V32.016 or later |
Additional Mitigations
If updating firmware is not possible or unavailable, customers should use the mitigations to help minimize risks.- Disable the web server, if possible. Review the product user manual for instructions, which can be found in the Rockwell Automation Literature Library.
- For 1732E, upgrade to the latest firmware to disable the web server.
- Configure firewalls to not allow network communication through HTTP/Port 80.
References
Glossary
Denial-of-Service: malicious attempt to overwhelm a web property with traffic in order to disrupt its normal operations
HTTP Requests: (Hypertext Transfer Protocol) primarily used to fetch resources such as HTML documents, images, videos, and scripts. When a user requests a web page, the browser sends an HTTP request to the server, which then responds with the requested resource
Copyright ©2022 Rockwell Automation, Inc.