Product:

Rslogix_500

(Rockwellautomation)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 4
Date Id Summary Products Score Patch Annotated
2020-03-16 CVE-2020-6980 Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext. Micrologix_1100_firmware, Micrologix_1400_a_firmware, Micrologix_1400_b_firmware, Rslogix_500 3.3
2020-03-16 CVE-2020-6984 Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. Micrologix_1100_firmware, Micrologix_1400_a_firmware, Micrologix_1400_b_firmware, Rslogix_500 7.5
2020-03-16 CVE-2020-6988 Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass... Micrologix_1100_firmware, Micrologix_1400_a_firmware, Micrologix_1400_b_firmware, Rslogix_500 7.5
2020-03-16 CVE-2020-6990 Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. Micrologix_1100_firmware, Micrologix_1400_a_firmware, Micrologix_1400_b_firmware, Rslogix_500 9.8