Vulnerability Description
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Micrologix 1400 A Firmware | All versions |
| Rockwellautomation | Micrologix 1400 B Firmware | <= 21.001 |
| Rockwellautomation | Micrologix 1400 | - |
| Rockwellautomation | Micrologix 1100 Firmware | All versions |
| Rockwellautomation | Micrologix 1100 | - |
| Rockwellautomation | Rslogix 500 | <= 12.001 |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsa-20-070-06Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsa-20-070-06Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-6980?
CVE-2020-6980 is a vulnerability with a CVSS score of 3.3 (LOW). Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Tra...
How severe is CVE-2020-6980?
CVE-2020-6980 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6980?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Micrologix 1400 A Firmware, Rockwellautomation Micrologix 1400 B Firmware, Rockwellautomation Micrologix 1400, Rockwellautomation Micrologix 1100 Firmware, Rockwellautomation Micrologix 1100.