Vulnerability Description
Affects Rockwell Automation MicroLogix 1400 Controllers (Series B v21.001 and prior; Series A, all versions), MicroLogix 1100 Controller (all versions), and RSLogix 500 Software v12.001 and prior. The cryptographic key used to help protect the account password is hard-coded into the RSLogix 500 binary file. An attacker could identify the cryptographic keys and use them for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwell Automation | MicroLogix 1400 A Firmware | All versions |
| Rockwell Automation | MicroLogix 1400 B Firmware | <= 21.001 |
| Rockwell Automation | MicroLogix 1400 | - |
| Rockwell Automation | MicroLogix 1100 Firmware | All versions |
| Rockwell Automation | MicroLogix 1100 | - |
| Rockwell Automation | RSLogix 500 | <= 12.001 |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsa-20-070-06 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2020-6990?
CVE-2020-6990 is a vulnerability with a CVSS score of 9.8 (CRITICAL). It affects Rockwell Automation MicroLogix 1400 Controllers (Series B v21.001 and prior; Series A, all versions), MicroLogix 1100 Controller (all versions), and RSLogix 500 Software v12.001 and prior. The cryptographic ...
How severe is CVE-2020-6990?
CVE-2020-6990 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-6990?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwell Automation MicroLogix 1400 A Firmware, Rockwell Automation MicroLogix 1400 B Firmware, Rockwell Automation MicroLogix 1400, Rockwell Automation MicroLogix 1100 Firmware, Rockwell Automation MicroLogix 1100.