CVE-2014-0755

EPSS 0%
Veröffentlicht 05.02.2014 05:15:29
Zuletzt bearbeitet 19.09.2025 19:15:35
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Rslogix 5000 Design And Configuration Software Version7.0

Rockwellautomation ≫ Logix 5000 Controller Version-

Rockwellautomation ≫ Rslogix 5000 Design And Configuration Software Version18.0

Rockwellautomation ≫ Logix 5000 Controller Version-

Rockwellautomation ≫ Rslogix 5000 Design And Configuration Software Version20.01

Rockwellautomation ≫ Logix 5000 Controller Version-

Rockwellautomation ≫ Rslogix 5000 Design And Configuration Software Version21.0

Rockwellautomation ≫ Logix 5000 Controller Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0%	0.002

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	6.3	3.4	9.2	AV:L/AC:M/Au:N/C:C/I:C/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01

US Government Resource

http://osvdb.org/102858

http://www.securityfocus.com/bid/65337

https://exchange.xforce.ibmcloud.com/vulnerabilities/90981

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204

https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01

https://nvd.nist.gov/vuln/detail/CVE-2014-0755

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0755

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0755

EUVD