Vulnerability Description
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Rslogix 5000 Design And Configuration Software | 7.0 |
| Rockwellautomation | Logix 5000 Controller | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/102858
- http://www.securityfocus.com/bid/65337
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90981
- https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01
- http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01US Government Resource
- http://osvdb.org/102858
- http://www.securityfocus.com/bid/65337
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90981
FAQ
What is CVE-2014-0755?
CVE-2014-0755 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information...
How severe is CVE-2014-0755?
CVE-2014-0755 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0755?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Rslogix 5000 Design And Configuration Software, Rockwellautomation Logix 5000 Controller.