The vulnerability of the RSLogix 500 software, the programmable logic controllers MicroLogix 1100 and MicroLogix 1400, allows a intruder to disclose confidential information.

🗓️ 13 Mar 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

RSLogix 500 software and MicroLogix 1100/1400 controllers have a user authentication flaw enabling remote disclosure of confidential data.

Reporter	Title	Published	Views	Family All 14
CNVD	Multiple Rockwell Automation Products Licensing Issues Vulnerabilities	11 Mar 202000:00	–	cnvd
CVE	CVE-2020-6988	16 Mar 202015:38	–	cve
Cvelist	CVE-2020-6988	16 Mar 202015:38	–	cvelist
EUVD	EUVD-2020-28128	7 Oct 202500:30	–	euvd
ICS	Rockwell Automation MicroLogix Controllers and RSLogix 500 Software	10 Mar 202000:00	–	ics
NVD	CVE-2020-6988	16 Mar 202016:15	–	nvd
OSV	CVE-2020-6988	16 Mar 202016:15	–	osv
Tenable Nessus	Rockwellautomation Micrologix Improper Authentication	27 May 202000:00	–	nessus
Tenable Nessus	Rockwell Automation MicroLogix Controllers and RSLogix 500 Software Use of Client-Side Authentication (CVE-2020-6988)	7 Feb 202200:00	–	nessus
Prion	Authentication flaw	16 Mar 202016:15	–	prion

Vulners

Node

rockwell_automation rslogix_500Range≤12.001

OR

rockwell_automation allen_bradley_micrologix_1400_series_bRange≤21.002

Source	Link
us-cert	www.us-cert.gov/ics/advisories/icsa-20-070-06
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2020031124
web	www.web.nvd.nist.gov/view/vuln/detail
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-20-070-06

13 Mar 2020 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 37.5

CVSS 27.8

EPSS0.03887

remote disclosure user authentication confidential information microLogix controllers rockwell software