Vulnerability Description
Affected: Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior; MicroLogix 1400 Controllers Series A, all versions; MicroLogix 1100 Controller, all versions; RSLogix 500 Software v12.001 and prior. A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim's MicroLogix controller. The controller then responds to the client with the password values that are used to authenticate the user on the client side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwell Automation | MicroLogix 1400 A Firmware | All versions |
| Rockwell Automation | MicroLogix 1400 B Firmware | <= 21.001 |
| Rockwell Automation | MicroLogix 1400 | - |
| Rockwell Automation | MicroLogix 1100 Firmware | All versions |
| Rockwell Automation | MicroLogix 1100 | - |
| Rockwell Automation | RSLogix 500 | <= 12.001 |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsa-20-070-06 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2020-6988?
CVE-2020-6988 is a vulnerability with a CVSS score of 7.5 (HIGH). Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthen...
How severe is CVE-2020-6988?
CVE-2020-6988 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-6988?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwell Automation MicroLogix 1400 A Firmware, Rockwell Automation MicroLogix 1400 B Firmware, Rockwell Automation MicroLogix 1400, Rockwell Automation MicroLogix 1100 Firmware, Rockwell Automation MicroLogix 1100.