HIGH🇵🇱 Wersja polska

CVE-2020-6988

CVSS 7.5v3.1pub. 2020-03-16upd. 2026-06-03

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Rockwellautomation Micrologix 1100

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micrologix 1100 Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micrologix 1400

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micrologix 1400 A Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micrologix 1400 B Firmware

    OS
    Rockwellautomation
    ≤ 21.001
  • Rockwellautomation Rslogix 500

    APP
    Rockwellautomation
    ≤ 12.001
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2020-6990CRITICAL9.8ten sam produkt

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix...

CVE-2017-14465CRITICAL9.8ten sam produkt

An exploitable access control vulnerability exists in the data, program, and function file permissions functio...

CVE-2017-14462CRITICAL9.8ten sam produkt

An exploitable access control vulnerability exists in the data, program, and function file permissions functio...

CVE-2017-14463CRITICAL9.8ten sam produkt

An exploitable access control vulnerability exists in the data, program, and function file permissions functio...

CVE-2017-14464CRITICAL9.8ten sam produkt

An exploitable access control vulnerability exists in the data, program, and function file permissions functio...