3.3

CVE-2020-6980

EPSS 0.01%
Veröffentlicht 16.03.2020 16:15:14
Zuletzt bearbeitet 21.11.2024 05:36:25
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Micrologix 1400 A Firmware

Rockwellautomation ≫ Micrologix 1400 Version-

Rockwellautomation ≫ Micrologix 1400 B Firmware Version <= 21.001

Rockwellautomation ≫ Micrologix 1400 Version-

Rockwellautomation ≫ Micrologix 1100 Firmware

Rockwellautomation ≫ Micrologix 1100 Version-

Rockwellautomation ≫ Rslogix 500 Version <= 12.001

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.003

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.us-cert.gov/ics/advisories/icsa-20-070-06

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-6980

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-6980

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-6980

EUVD