Multiple vulnerabilities in Rockwell Automation MicroLogix Controllers and RSLogix 500 Software



Published: 2020-03-11
Risk: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2020-6990, CVE-2020-6984, CVE-2020-6988, CVE-2020-6980
CWE-ID: CWE-321, CWE-327, CWE-603, CWE-312
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
MicroLogix 1400 Controllers Series A
Client/Desktop applications / Software for system administration

MicroLogix 1400 Controllers Series B
Client/Desktop applications / Software for system administration

Allen-Bradley MicroLogix 1100
Hardware solutions / Office equipment, IP-phones, print servers

RSLogix 500 Software
Client/Desktop applications / Other client software

Vendor: Rockwell Automation

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Use of Hard-coded Cryptographic Key

EUVDB-ID: #VU25989

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-6990

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to disclose sensitive information on the target system.

The vulnerability exists because the cryptographic key used to help protect the account password is hard-coded into the RSLogix 500 binary file. A remote attacker can identify cryptographic keys.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MicroLogix 1400 Controllers Series A: All versions

MicroLogix 1400 Controllers Series B: 21.001

Allen-Bradley MicroLogix 1100: All versions

RSLogix 500 Software: before 11.00.00

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-070-06


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU25990

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-6984

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information on the system.

The vulnerability exists because the cryptographic function used to protect the password in MicroLogix is discoverable. A remote attacker can gain access to sensitive project file information, including passwords.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MicroLogix 1400 Controllers Series A: All versions

MicroLogix 1400 Controllers Series B: 21.001

Allen-Bradley MicroLogix 1100: All versions

RSLogix 500 Software: before 11.00.00

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-070-06


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of Client-Side Authentication

EUVDB-ID: #VU25991

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-6988

CWE-ID: CWE-603 - Use of Client-Side Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information on the system.

The vulnerability exists because the client/server product performs authentication within client code but not in server code. A remote attacker can send a specially crafted request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with the password values used to authenticate the user on the client side.

This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MicroLogix 1400 Controllers Series A: All versions

MicroLogix 1400 Controllers Series B: 21.001

Allen-Bradley MicroLogix 1100: All versions

RSLogix 500 Software: before 11.00.00

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-070-06


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cleartext storage of sensitive information

EUVDB-ID: #VU25992

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-6980

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists because, when Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, sensitive information is written to the project file in cleartext. A local attacker with access to a victim’s project may be able to gather SMTP server authentication data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MicroLogix 1400 Controllers Series A: All versions

MicroLogix 1400 Controllers Series B: 21.001

Allen-Bradley MicroLogix 1100: All versions

RSLogix 500 Software: before 11.00.00

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-070-06


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


