3.3

CVE-2020-6980

EPSS 0.01%
Published 16.03.2020 16:15:14
Last modified 21.11.2024 05:36:25
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Rockwellautomation ≫ Micrologix 1400 A Firmware

Rockwellautomation ≫ Micrologix 1400 Version-

Rockwellautomation ≫ Micrologix 1400 B Firmware Version <= 21.001

Rockwellautomation ≫ Micrologix 1400 Version-

Rockwellautomation ≫ Micrologix 1100 Firmware

Rockwellautomation ≫ Micrologix 1100 Version-

Rockwellautomation ≫ Rslogix 500 Version <= 12.001

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.003

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.us-cert.gov/ics/advisories/icsa-20-070-06

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-6980

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-6980

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-6980

EUVD