CVE-2020-6980

Published: Mar 16, 2020Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.

Affected (4)

Products: Rockwellautomation: Micrologix 1400 A Firmware, Micrologix 1400 B Firmware, Micrologix 1100 Firmware, Rslogix 500

Rockwellautomation

4 products

Micrologix 1400 A Firmware

Micrologix 1400 B Firmware

Micrologix 1100 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Micrologix 1400 A Firmware	All versions
Rockwellautomation Micrologix 1400 B Firmware	Up to 21.001

Running on/with	Platform Versions
Rockwellautomation Micrologix 1400	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Micrologix 1100 Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Micrologix 1100	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Rockwellautomation Rslogix 500	Up to 12.001

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://www.us-cert.gov/ics/advisories/icsa-20-070-06

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsa-20-070-06

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.