CVE-2014-0755

EUVD-2014-0786
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
rockwellautomationrslogix_5000_design_and_configuration_software
7.0
rockwellautomationrslogix_5000_design_and_configuration_software
18.0
rockwellautomationrslogix_5000_design_and_configuration_software
20.01
rockwellautomationrslogix_5000_design_and_configuration_software
21.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/102858
http://www.securityfocus.com/bid/65337
https://exchange.xforce.ibmcloud.com/vulnerabilities/90981
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204
https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01
http://osvdb.org/102858
http://www.securityfocus.com/bid/65337
https://exchange.xforce.ibmcloud.com/vulnerabilities/90981