Details of VAR-201402-0347

ID

VAR-201402-0347

CVE

CVE-2014-0755

TITLE

Rockwell Automation RSLogix 5000 Security Bypass Vulnerability

Trust: 1.4

sources: IVD: 3dbe138e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00720 // CNNVD: CNNVD-201402-036

DESCRIPTION

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors. Rockwell Automation is a provider of industrial automation, control and information technology solutions. An attacker can exploit this issue to compromise user defined passwords. This results in unauthorized access and may lead to further attacks. RSLogix 5000 versions 7.0 through 20.01 and V21.0 are vulnerable. The software provides high-performance integrated control systems for manufacturers and machine builders who need medium-sized control systems, and also provides a unified development environment for Rockwell Automation Integrated Architecture systems. A security bypass vulnerability exists in Rockwell Automation RSLogix 5000 versions 7 through 20.01 and 21.0 due to the program not properly password-protecting the '.ACD' file

Trust: 2.7

sources: NVD: CVE-2014-0755 // JVNDB: JVNDB-2014-001314 // CNVD: CNVD-2014-00720 // BID: 65337 // IVD: 3dbe138e-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-68248

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 3dbe138e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00720

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	rslogix 5000 design and configuration software	scope:	eq	version:	20.01	Trust: 1.6
vendor:	rockwellautomation	model:	rslogix 5000 design and configuration software	scope:	eq	version:	7.0	Trust: 1.6
vendor:	rockwellautomation	model:	rslogix 5000 design and configuration software	scope:	eq	version:	21.0	Trust: 1.6
vendor:	rockwellautomation	model:	rslogix 5000 design and configuration software	scope:	eq	version:	18.0	Trust: 1.6
vendor:	rockwell automation	model:	logix5000 controller	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	rslogix 5000	scope:	eq	version:	21.0	Trust: 0.8
vendor:	rockwell automation	model:	rslogix 5000	scope:	eq	version:	7.0 to 20.01	Trust: 0.8
vendor:	rockwell	model:	software automation rslogix	scope:	eq	version:	50007-20.01	Trust: 0.6
vendor:	rockwell	model:	software automation rslogix	scope:	eq	version:	500021.0	Trust: 0.6
vendor:	rockwell	model:	automation rslogix	scope:	eq	version:	500021.0	Trust: 0.3
vendor:	rockwell	model:	automation rslogix	scope:	eq	version:	500020.01	Trust: 0.3
vendor:	rockwell	model:	automation rslogix	scope:	ne	version:	500021.03	Trust: 0.3
vendor:	rockwell	model:	automation rslogix	scope:	ne	version:	500020.03	Trust: 0.3
vendor:	rslogix 5000 design and configuration	model:	-	scope:	eq	version:	7.0	Trust: 0.2
vendor:	rslogix 5000 design and configuration	model:	-	scope:	eq	version:	18.0	Trust: 0.2
vendor:	rslogix 5000 design and configuration	model:	-	scope:	eq	version:	20.01	Trust: 0.2
vendor:	rslogix 5000 design and configuration	model:	-	scope:	eq	version:	21.0	Trust: 0.2

sources: IVD: 3dbe138e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00720 // BID: 65337 // CNNVD: CNNVD-201402-036 // JVNDB: JVNDB-2014-001314 // NVD: CVE-2014-0755

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-0755
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2014-0755
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0755
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-00720
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201402-036
value:	MEDIUM
Trust: 0.6
IVD:	3dbe138e-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-68248
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0755
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ics-cert@hq.dhs.gov:	CVE-2014-0755
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2014-00720
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	3dbe138e-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-68248
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 3dbe138e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00720 // VULHUB: VHN-68248 // CNNVD: CNNVD-201402-036 // JVNDB: JVNDB-2014-001314 // NVD: CVE-2014-0755 // NVD: CVE-2014-0755

PROBLEMTYPE DATA

problemtype:	CWE-255	Trust: 1.9
problemtype:	CWE-522	Trust: 1.0

sources: VULHUB: VHN-68248 // JVNDB: JVNDB-2014-001314 // NVD: CVE-2014-0755

THREAT TYPE

local

Trust: 0.9

sources: BID: 65337 // CNNVD: CNNVD-201402-036

TYPE

Trust management

Trust: 0.8

sources: IVD: 3dbe138e-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201402-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001314

PATCH

title:	Top Page	url:	http://www.rockwellautomation.com/	Trust: 0.8
title:	Top Page	url:	http://jp.rockwellautomation.com/	Trust: 0.8
title:	Rockwell Automation RSLogix 5000 Security Bypass Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/43439	Trust: 0.6

sources: CNVD: CNVD-2014-00720 // JVNDB: JVNDB-2014-001314

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0755	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-021-01	Trust: 3.4
db:	BID	id:	65337	Trust: 2.0
db:	OSVDB	id:	102858	Trust: 1.1
db:	CNNVD	id:	CNNVD-201402-036	Trust: 0.9
db:	CNVD	id:	CNVD-2014-00720	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001314	Trust: 0.8
db:	IVD	id:	3DBE138E-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-68248	Trust: 0.1

sources: IVD: 3dbe138e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00720 // VULHUB: VHN-68248 // BID: 65337 // CNNVD: CNNVD-201402-036 // JVNDB: JVNDB-2014-001314 // NVD: CVE-2014-0755

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-021-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/65337	Trust: 1.1
url:	http://osvdb.org/102858	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90981	Trust: 1.1
url:	https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204	Trust: 1.0
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0755	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0755	Trust: 0.8
url:	http://www.rockwellautomation.com/	Trust: 0.3

sources: CNVD: CNVD-2014-00720 // VULHUB: VHN-68248 // BID: 65337 // CNNVD: CNNVD-201402-036 // JVNDB: JVNDB-2014-001314 // NVD: CVE-2014-0755

CREDITS

Stephen Dunlap

Trust: 0.3

sources: BID: 65337

SOURCES

db:	IVD	id:	3dbe138e-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-00720
db:	VULHUB	id:	VHN-68248
db:	BID	id:	65337
db:	CNNVD	id:	CNNVD-201402-036
db:	JVNDB	id:	JVNDB-2014-001314
db:	NVD	id:	CVE-2014-0755

LAST UPDATE DATE

2025-09-20T23:21:48.134000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00720	date:	2014-02-12T00:00:00
db:	VULHUB	id:	VHN-68248	date:	2017-08-29T00:00:00
db:	BID	id:	65337	date:	2014-02-04T00:00:00
db:	CNNVD	id:	CNNVD-201402-036	date:	2014-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-001314	date:	2014-02-06T00:00:00
db:	NVD	id:	CVE-2014-0755	date:	2025-09-19T19:15:35.777

SOURCES RELEASE DATE

db:	IVD	id:	3dbe138e-2352-11e6-abef-000c29c66e3d	date:	2014-02-12T00:00:00
db:	CNVD	id:	CNVD-2014-00720	date:	2014-02-13T00:00:00
db:	VULHUB	id:	VHN-68248	date:	2014-02-05T00:00:00
db:	BID	id:	65337	date:	2014-02-04T00:00:00
db:	CNNVD	id:	CNNVD-201402-036	date:	2014-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-001314	date:	2014-02-06T00:00:00
db:	NVD	id:	CVE-2014-0755	date:	2014-02-05T05:15:29.930