CVE-2020-6984

EUVD-2020-28124
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
rockwellautomationmicrologix_1400_a_firmware
*
rockwellautomationmicrologix_1400_b_firmware
𝑥
≤ 21.001
rockwellautomationmicrologix_1100_firmware
*
rockwellautomationrslogix_500
𝑥
≤ 12.001
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.us-cert.gov/ics/advisories/icsa-20-070-06
https://www.us-cert.gov/ics/advisories/icsa-20-070-06