Sign-up

ID

VAR-202003-1598


CVE

CVE-2020-6980


TITLE

plural Rockwell Automation Vulnerability in plaintext storage of important information in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-003036

DESCRIPTION

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext. Rockwell Automation MicroLogix 1400 , MicroLogix 1100 controller, RSLogix 500 The software contains a vulnerability in the plaintext storage of important information.Information may be obtained. Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). Rockwell Automation MicroLogix 1400 Controllers Series A is a programmable logic controller. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems. A number of Rockwell Automation products have information disclosure vulnerabilities. The vulnerability stems from the fact that the program writes the authentication data to the project file in clear text. The attacker can use this vulnerability to obtain SMTP server authentication data

Trust: 2.43

sources: NVD: CVE-2020-6980 // JVNDB: JVNDB-2020-003036 // CNVD: CNVD-2020-19521 // IVD: f00fb715-5925-4985-ae42-9ef51bc85d7a // VULHUB: VHN-185105

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: f00fb715-5925-4985-ae42-9ef51bc85d7a // CNVD: CNVD-2020-19521

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:micrologix 1400 bscope:lteversion:21.001

Trust: 1.0

vendor:rockwellautomationmodel:micrologix 1400 ascope:eqversion:*

Trust: 1.0

vendor:rockwellautomationmodel:micrologix 1100scope:eqversion:*

Trust: 1.0

vendor:rockwellautomationmodel:rslogix 500scope:lteversion:12.001

Trust: 1.0

vendor:rockwell automationmodel:micrologix 1100scope:eqversion:rslogix 5000

Trust: 0.8

vendor:rockwell automationmodel:micrologix 1400 ascope: - version: -

Trust: 0.8

vendor:rockwell automationmodel:micrologix 1400 bscope:eqversion:21.001

Trust: 0.8

vendor:rockwell automationmodel:rslogix 5000scope:eqversion:12.001

Trust: 0.8

vendor:rockwellmodel:automation micrologix controllers series ascope:eqversion:1400

Trust: 0.6

vendor:rockwellmodel:automation micrologix controllers series bscope:eqversion:1400<=21.001

Trust: 0.6

vendor:rockwellmodel:automation micrologix controllersscope:eqversion:1100

Trust: 0.6

vendor:rockwellmodel:automation rslogix softwarescope:eqversion:500<=12.001

Trust: 0.6

vendor:micrologix 1400 amodel: - scope:eqversion:*

Trust: 0.2

vendor:micrologix 1400 bmodel: - scope:eqversion:*

Trust: 0.2

vendor:micrologix 1100model: - scope:eqversion:*

Trust: 0.2

vendor:rslogix 500model: - scope:eqversion:*

Trust: 0.2

sources: IVD: f00fb715-5925-4985-ae42-9ef51bc85d7a // CNVD: CNVD-2020-19521 // JVNDB: JVNDB-2020-003036 // NVD: CVE-2020-6980

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6980
value: LOW

Trust: 1.0

NVD: JVNDB-2020-003036
value: LOW

Trust: 0.8

CNVD: CNVD-2020-19521
value: LOW

Trust: 0.6

CNNVD: CNNVD-202003-547
value: LOW

Trust: 0.6

IVD: f00fb715-5925-4985-ae42-9ef51bc85d7a
value: LOW

Trust: 0.2

VULHUB: VHN-185105
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-6980
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003036
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19521
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f00fb715-5925-4985-ae42-9ef51bc85d7a
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-185105
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6980
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003036
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: f00fb715-5925-4985-ae42-9ef51bc85d7a // CNVD: CNVD-2020-19521 // VULHUB: VHN-185105 // JVNDB: JVNDB-2020-003036 // CNNVD: CNNVD-202003-547 // NVD: CVE-2020-6980

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.9

sources: VULHUB: VHN-185105 // JVNDB: JVNDB-2020-003036 // NVD: CVE-2020-6980

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-547

TYPE

other

Trust: 0.8

sources: IVD: f00fb715-5925-4985-ae42-9ef51bc85d7a // CNNVD: CNNVD-202003-547

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003036

PATCH
title:Top Pageurl:https://ab.rockwellautomation.com/
Trust: 0.8
title:Patch for Multiple Rockwell Automation product information disclosure vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/210945
Trust: 0.6
title:Multiple Rockwell Automation Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111865
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19521 // 
            
            
            
            JVNDB: JVNDB-2020-003036 // 
            
            
            
            CNNVD: CNNVD-202003-547

EXTERNAL IDS
db:NVDid:CVE-2020-6980
Trust: 3.3
db:ICS CERTid:ICSA-20-070-06
Trust: 3.1
db:CNNVDid:CNNVD-202003-547
Trust: 0.9
db:CNVDid:CNVD-2020-19521
Trust: 0.8
db:JVNDBid:JVNDB-2020-003036
Trust: 0.8
db:NSFOCUSid:46116
Trust: 0.6
db:IVDid:F00FB715-5925-4985-AE42-9EF51BC85D7A
Trust: 0.2
db:VULHUBid:VHN-185105
Trust: 0.1
sources:
            
            
            IVD: f00fb715-5925-4985-ae42-9ef51bc85d7a // 
            
            
            
            CNVD: CNVD-2020-19521 // 
            
            
            
            VULHUB: VHN-185105 // 
            
            
            
            JVNDB: JVNDB-2020-003036 // 
            
            
            
            CNNVD: CNNVD-202003-547 // 
            
            
            
            NVD: CVE-2020-6980

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-070-06
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-6980
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6980
Trust: 0.8
url:http://www.nsfocus.net/vulndb/46116
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19521 // 
            
            
            
            VULHUB: VHN-185105 // 
            
            
            
            JVNDB: JVNDB-2020-003036 // 
            
            
            
            CNNVD: CNNVD-202003-547 // 
            
            
            
            NVD: CVE-2020-6980

SOURCES
db:IVDid:f00fb715-5925-4985-ae42-9ef51bc85d7a
db:CNVDid:CNVD-2020-19521
db:VULHUBid:VHN-185105
db:JVNDBid:JVNDB-2020-003036
db:CNNVDid:CNNVD-202003-547
db:NVDid:CVE-2020-6980

LAST UPDATE DATE
2024-11-23T22:05:45.303000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-19521date:2020-03-26T00:00:00
db:VULHUBid:VHN-185105date:2020-03-20T00:00:00
db:JVNDBid:JVNDB-2020-003036date:2020-04-02T00:00:00
db:CNNVDid:CNNVD-202003-547date:2020-03-23T00:00:00
db:NVDid:CVE-2020-6980date:2024-11-21T05:36:25.563

SOURCES RELEASE DATE
db:IVDid:f00fb715-5925-4985-ae42-9ef51bc85d7adate:2020-03-10T00:00:00
db:CNVDid:CNVD-2020-19521date:2020-03-26T00:00:00
db:VULHUBid:VHN-185105date:2020-03-16T00:00:00
db:JVNDBid:JVNDB-2020-003036date:2020-04-02T00:00:00
db:CNNVDid:CNNVD-202003-547date:2020-03-10T00:00:00
db:NVDid:CVE-2020-6980date:2020-03-16T16:15:14.610