// For flags

CVE-2020-6990

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.

Rockwell Automation MicroLogix 1400 Controllers Series B versiones v21.001 y anteriores, Series A, todas las versiones, MicroLogix 1100 Controller, todas las versiones, RSLogix 500 Software versiones v12.001 y anteriores; La clave criptográfica usada para ayudar a proteger la contraseña de cuenta está embebida en el archivo binario de RSLogix 500. Un atacante podría identificar claves criptográficas y usarlas para nuevos ataques criptográficos que finalmente podrían conllevar a que un atacante remoto consiga acceso no autorizado al controlador.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-14 CVE Reserved
  • 2020-03-16 CVE Published
  • 2024-04-25 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-321: Use of Hard-coded Cryptographic Key
  • CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
URL Tag Source
https://www.us-cert.gov/ics/advisories/icsa-20-070-06 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rockwellautomation
Search vendor "Rockwellautomation"
 Micrologix 1400 A Firmware
Search vendor "Rockwellautomation" for product "Micrologix 1400 A Firmware"
*-
Affected
in Rockwellautomation
Search vendor "Rockwellautomation"
 Micrologix 1400
Search vendor "Rockwellautomation" for product "Micrologix 1400"
--
Safe
Rockwellautomation
Search vendor "Rockwellautomation"
 Micrologix 1400 B Firmware
Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware"
 <= 21.001
Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware" and version " <= 21.001"
-
Affected
in Rockwellautomation
Search vendor "Rockwellautomation"
 Micrologix 1400
Search vendor "Rockwellautomation" for product "Micrologix 1400"
--
Safe
Rockwellautomation
Search vendor "Rockwellautomation"
 Micrologix 1100 Firmware
Search vendor "Rockwellautomation" for product "Micrologix 1100 Firmware"
*-
Affected
in Rockwellautomation
Search vendor "Rockwellautomation"
 Micrologix 1100
Search vendor "Rockwellautomation" for product "Micrologix 1100"
--
Safe
Rockwellautomation
Search vendor "Rockwellautomation"
 Rslogix 500
Search vendor "Rockwellautomation" for product "Rslogix 500"
 <= 12.001
Search vendor "Rockwellautomation" for product "Rslogix 500" and version " <= 12.001"
-
Affected