CVE-2020-6988

moderate-risk
Published 2020-03-16

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (4)

Micrologix 1400 A Firmware
Micrologix 1100 Firmware
Rslogix 500

Affected Vendors

Rockwellautomation

References (2)

Third Party Advisory https://www.us-cert.gov/ics/advisories/icsa-20-070-06
Third Party Advisory https://www.us-cert.gov/ics/advisories/icsa-20-070-06
37
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 10/34 · Low