CVE-2020-6990
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.
Rockwell Automation MicroLogix 1400 Controllers Series B versiones v21.001 y anteriores, Series A, todas las versiones, MicroLogix 1100 Controller, todas las versiones, RSLogix 500 Software versiones v12.001 y anteriores; La clave criptográfica usada para ayudar a proteger la contraseña de cuenta está embebida en el archivo binario de RSLogix 500. Un atacante podría identificar claves criptográficas y usarlas para nuevos ataques criptográficos que finalmente podrían conllevar a que un atacante remoto consiga acceso no autorizado al controlador.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-14 CVE Reserved
- 2020-03-16 CVE Published
- 2024-04-25 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-321: Use of Hard-coded Cryptographic Key
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-070-06 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1400 A Firmware Search vendor "Rockwellautomation" for product "Micrologix 1400 A Firmware" | * | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1400 Search vendor "Rockwellautomation" for product "Micrologix 1400" | - | - |
Safe
|
Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1400 B Firmware Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware" | <= 21.001 Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware" and version " <= 21.001" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1400 Search vendor "Rockwellautomation" for product "Micrologix 1400" | - | - |
Safe
|
Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1100 Firmware Search vendor "Rockwellautomation" for product "Micrologix 1100 Firmware" | * | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1100 Search vendor "Rockwellautomation" for product "Micrologix 1100" | - | - |
Safe
|
Rockwellautomation Search vendor "Rockwellautomation" | Rslogix 500 Search vendor "Rockwellautomation" for product "Rslogix 500" | <= 12.001 Search vendor "Rockwellautomation" for product "Rslogix 500" and version " <= 12.001" | - |
Affected
|