← Back

CVE-2020-6990

nvd nist
Published: Mar 16, 2020Modified: Jun 3, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.

Affected (4)

Rockwellautomation
4 products
Micrologix 1400 A Firmware
Micrologix 1400 B Firmware
Micrologix 1100 Firmware
Rslogix 500
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Micrologix 1400 A Firmware
All versions
Micrologix 1400 B Firmware
Up to 21.001
Running on/withPlatform Versions
Rockwellautomation
Micrologix 1400
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Micrologix 1100 Firmware
All versions
Running on/withPlatform Versions
Rockwellautomation
Micrologix 1100
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Rslogix 500
Up to 12.001

Related CWEs

CWE-321
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.