Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-6984


Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable.


Published

2020-03-16T16:15:14.670

Last Modified

2024-11-21T05:36:26.053

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-327
  • Type: Primary
    CWE-327

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System rockwellautomation micrologix_1400_a_firmware * Yes
Operating System rockwellautomation micrologix_1400_b_firmware ≤ 21.001 Yes
Hardware rockwellautomation micrologix_1400 - No
Operating System rockwellautomation micrologix_1100_firmware * Yes
Hardware rockwellautomation micrologix_1100 - No
Application rockwellautomation rslogix_500 ≤ 12.001 Yes

References