Use of Client-Side Authentication in Rockwell Automation products - CVE-2020-6988

 


Published: March 11, 2020


Vulnerability identifier: #VU25991
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-6988
CWE-ID: CWE-603
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Rockwell Automation
Affected software:
MicroLogix 1400 Controllers Series A
MicroLogix 1400 Controllers Series B
Allen-Bradley MicroLogix 1100
RSLogix 500 Software

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information on the system.

The vulnerability exists because the client/server product performs authentication within client code but not in server code. A remote attacker can send a specially crafted request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller then responds to the client with the password values that are used to authenticate the user on the client side.

This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.
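The design flaw described above, shown as an added example that is not Rockwell Automation's code or protocol: a simplified Python model contrasting a device that returns its password for the client to check with one that verifies the password itself. The class names, the sample password and the `read_program` operation are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credential for the model device; not a real value.
STORED_PASSWORD = b"plant-floor-01"


class ClientSideAuthDevice:
    """Flawed design (CWE-603): the device hands its password to the client."""

    def handle_auth_query(self) -> bytes:
        # The client is expected to compare this with what the user typed,
        # so any peer that can reach the device receives the credential.
        return STORED_PASSWORD

    def read_program(self) -> bytes:
        # No state on the device: it trusts whatever the client decided.
        return b"<ladder logic>"


class ServerSideAuthDevice:
    """Hardened design: the device verifies and never discloses the secret."""

    def __init__(self) -> None:
        self._salt = os.urandom(16)
        # Only a salted, slow-hashed verifier is kept, not the password.
        self._verifier = self._derive(STORED_PASSWORD)
        self._authenticated = False

    def _derive(self, password: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, self._salt, 100_000)

    def handle_auth_attempt(self, candidate: bytes) -> bool:
        # The comparison happens on the device, in constant time.
        self._authenticated = hmac.compare_digest(
            self._derive(candidate), self._verifier
        )
        return self._authenticated

    def read_program(self) -> bytes:
        # Every protected operation checks state held by the device.
        if not self._authenticated:
            raise PermissionError("authentication required")
        return b"<ladder logic>"
```

In the hardened model the only thing a client learns from an authentication exchange is success or failure, and protected operations are refused until the device itself has accepted the password.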


How to mitigate CVE-2020-6988

Install updates from the vendor's website.
