CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 0CVE-2020-6990
https://notcve.org/view.php?id=CVE-2020-6990
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. Rockwell Automation MicroLogix 1400 Controllers Series B versiones v21.001 y anteriores, Series A, todas las versiones, MicroLogix 1100 Controller, todas las versiones, RSLogix 500 Software versiones v12.001 y anteriores; La clave criptográfica usada para ayudar a proteger la contraseña de cuenta está embebida en el archivo binario de RSLogix 500. Un atacante podría identificar claves criptográficas y usarlas para nuevos ataques criptográficos que finalmente podrían conllevar a que un atacante remoto consiga acceso no autorizado al controlador. • https://www.us-cert.gov/ics/advisories/icsa-20-070-06 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6988
https://notcve.org/view.php?id=CVE-2020-6988
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials. Rockwell Automation MicroLogix 1400 Controllers Series B versiones v21.001 y anteriores, Series A, todas las versiones, MicroLogix 1100 Controller, todas las versiones, RSLogix 500 Software versiones v12.001 y anteriores, un atacante no autenticado remoto puede enviar una petición desde el software RSLogix 500 hacia el controlador MicroLogix de la víctima. El controlador responderá al cliente con los valores de contraseña usados para autenticar al usuario en el lado del cliente. • https://www.us-cert.gov/ics/advisories/icsa-20-070-06 • CWE-287: Improper Authentication CWE-603: Use of Client-Side Authentication •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6980
https://notcve.org/view.php?id=CVE-2020-6980
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext. Rockwell Automation MicroLogix 1400 Controllers Series B versiones v21.001 y anteriores, Series A, todas las versiones, MicroLogix 1100 Controller, todas las versiones, RSLogix 500 Software versiones v12.001 y anteriores, si los datos de la cuenta Simple Mail Transfer Protocol (SMTP) se guardan en RSLogix 500, un atacante local con acceso al proyecto de una víctima puede recopilar datos de autenticación del servidor SMTP tal y como están escritos en el archivo del proyecto en texto sin cifrar. • https://www.us-cert.gov/ics/advisories/icsa-20-070-06 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2020-6967 – Rockwell Automation FactoryTalk RNADiagnosticsSrv Deserialization Of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-6967
In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data. En Rockwell Automation, todas las versiones del software FactoryTalk Diagnostics, un subsistema de la FactoryTalk Services Platform, FactoryTalk Diagnostics expone un endpoint .NET Remoting por medio del archivo RNADiagnosticsSrv.exe en TCPtcp/8082, lo cual puede deserializar de forma no segura los datos no confiables. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RNADiagnosticsSrv endpoint, which listens on TCP port 8082 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.us-cert.gov/ics/advisories/icsa-20-051-02 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13527 – Rockwell Automation Arena Simulation DOE File Parsing Uninitialized Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13527
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. En Rockwell Automation Arena Simulación Software Cat. 9502-Axe, versiones 16.00.00 y anteriores, un archivo Arena diseñado con fines maliciosos abierto por parte de un usuario desprevenido puede resultar en el uso de un puntero que no ha sido inicializado. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DOE files. The issue results from the lack of proper initialization of a pointer prior to accessing it. • https://www.us-cert.gov/ics/advisories/icsa-19-213-05 https://www.zerodayinitiative.com/advisories/ZDI-19-993 • CWE-824: Access of Uninitialized Pointer •