CVE-2020-6980
First published: Mon Mar 16 2020(Updated: )
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Micrologix 1400 A Firmware | ||
| Rockwellautomation Micrologix 1400 B Firmware | <=21.001 | |
| Rockwellautomation Micrologix 1400 | ||
| Rockwellautomation Micrologix 1100 Firmware | ||
| Rockwellautomation Micrologix 1100 | ||
| Rockwellautomation Rslogix 500 | <=12.001 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-6980?
CVE-2020-6980 is a vulnerability in Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior that allows a local attacker with access to a victim's system to retrieve the Simple Mail Transfer Protocol (SMTP) account data saved in RSLogix 500.
What is the severity of CVE-2020-6980?
CVE-2020-6980 has a severity value of 3.3, which is considered low.
Which software versions are affected by CVE-2020-6980?
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, and RSLogix 500 Software v12.001 and prior are affected by CVE-2020-6980.
How can an attacker exploit CVE-2020-6980?
An attacker with local access to a victim's system can exploit CVE-2020-6980 to retrieve the saved SMTP account data in RSLogix 500.
Is Rockwell Automation MicroLogix 1400 Series A vulnerable to CVE-2020-6980?
Yes, Rockwell Automation MicroLogix 1400 Series A is vulnerable to CVE-2020-6980.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/rockwellautomation
- canonical/rockwellautomation micrologix 1400 a firmware
- canonical/rockwellautomation micrologix 1400 b firmware
- version/rockwellautomation micrologix 1400 b firmware/21.001
- canonical/rockwellautomation micrologix 1400
- canonical/rockwellautomation micrologix 1100 firmware
- canonical/rockwellautomation micrologix 1100
- canonical/rockwellautomation rslogix 500
- version/rockwellautomation rslogix 500/12.001