First published: Mon Mar 16 2020(Updated: )
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Micrologix 1400 A Firmware | ||
Rockwellautomation Micrologix 1400 B Firmware | <=21.001 | |
Rockwellautomation Micrologix 1400 | ||
Rockwellautomation Micrologix 1100 Firmware | ||
Rockwellautomation Micrologix 1100 | ||
Rockwellautomation Rslogix 500 | <=12.001 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-6980 is a vulnerability in Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior that allows a local attacker with access to a victim's system to retrieve the Simple Mail Transfer Protocol (SMTP) account data saved in RSLogix 500.
CVE-2020-6980 has a severity value of 3.3, which is considered low.
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, and RSLogix 500 Software v12.001 and prior are affected by CVE-2020-6980.
An attacker with local access to a victim's system can exploit CVE-2020-6980 to retrieve the saved SMTP account data in RSLogix 500.
Yes, Rockwell Automation MicroLogix 1400 Series A is vulnerable to CVE-2020-6980.