CVE-2020-6984

moderate-risk
Published 2020-03-16

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (4)

Micrologix 1400 A Firmware
Micrologix 1100 Firmware
Rslogix 500

Affected Vendors

Rockwellautomation

References (2)

Third Party Advisory https://www.us-cert.gov/ics/advisories/icsa-20-070-06
Third Party Advisory https://www.us-cert.gov/ics/advisories/icsa-20-070-06
37
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 10/34 · Low