cbcvebase.
CVE-2020-6990
published 2020-03-16

CVE-2020-6990: Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500…

PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.23%
89.8th percentile
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.

Affected

2 ranges
VendorProductVersion rangeFixed in
rockwellautomationmicrologix_1400_b_firmware<= 21.001
rockwellautomationrslogix_500<= 12.001

Detection & IOCsextracted from sources · hover to see the quote

  • The cryptographic key for account password protection is hard-coded into the RSLogix 500 binary file; reverse engineering the binary can reveal the key for use in further cryptographic attacks against MicroLogix controllers.
  • ·CVE-2020-6990 affects RSLogix 500 Software v12.001 and prior, and MicroLogix 1400 Series B v21.001 and prior, as well as MicroLogix 1400 Series A (all versions) and MicroLogix 1100 (all versions). No direct mitigations exist for Series A or 1100 controllers.
  • ·No known public exploits specifically target these vulnerabilities at time of advisory publication.
  • ·For MicroLogix 1400 Series B, applying FRN 21.002 or later and enabling the enhanced password security feature is the recommended remediation; RSLogix 500 v11 or later used with FRN 21.001 or later on Series B is also recommended.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.