Sign-up

ID

VAR-202003-1602


CVE

CVE-2020-6984


TITLE

plural Rockwell Automation Vulnerabilities in the use of cryptographic algorithms in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-003037

DESCRIPTION

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. Rockwell Automation MicroLogix 1400 , MicroLogix 1100 controller, RSLogix 500 The software contains vulnerabilities in the use of cryptographic algorithms.Information may be obtained. Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems

Trust: 2.52

sources: NVD: CVE-2020-6984 // JVNDB: JVNDB-2020-003037 // CNVD: CNVD-2020-19524 // IVD: b318fbd6-4ce3-4a42-89c5-871b18c445f4 // VULHUB: VHN-185109 // VULMON: CVE-2020-6984

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: b318fbd6-4ce3-4a42-89c5-871b18c445f4 // CNVD: CNVD-2020-19524

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:micrologix 1400 bscope:lteversion:21.001

Trust: 1.0

vendor:rockwellautomationmodel:micrologix 1400 ascope:eqversion:*

Trust: 1.0

vendor:rockwellautomationmodel:micrologix 1100scope:eqversion:*

Trust: 1.0

vendor:rockwellautomationmodel:rslogix 500scope:lteversion:12.001

Trust: 1.0

vendor:rockwell automationmodel:micrologix 1100scope:eqversion:rslogix 5000

Trust: 0.8

vendor:rockwell automationmodel:micrologix 1400 ascope: - version: -

Trust: 0.8

vendor:rockwell automationmodel:micrologix 1400 bscope:eqversion:21.001

Trust: 0.8

vendor:rockwell automationmodel:rslogix 5000scope:eqversion:12.001

Trust: 0.8

vendor:rockwellmodel:automation micrologix controllers series ascope:eqversion:1400

Trust: 0.6

vendor:rockwellmodel:automation micrologix controllers series bscope:eqversion:1400<=21.001

Trust: 0.6

vendor:rockwellmodel:automation micrologix controllersscope:eqversion:1100

Trust: 0.6

vendor:rockwellmodel:automation rslogix softwarescope:eqversion:500<=12.001

Trust: 0.6

vendor:micrologix 1400 amodel: - scope:eqversion:*

Trust: 0.2

vendor:micrologix 1400 bmodel: - scope:eqversion:*

Trust: 0.2

vendor:micrologix 1100model: - scope:eqversion:*

Trust: 0.2

vendor:rslogix 500model: - scope:eqversion:*

Trust: 0.2

sources: IVD: b318fbd6-4ce3-4a42-89c5-871b18c445f4 // CNVD: CNVD-2020-19524 // JVNDB: JVNDB-2020-003037 // NVD: CVE-2020-6984

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6984
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003037
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-19524
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-555
value: HIGH

Trust: 0.6

IVD: b318fbd6-4ce3-4a42-89c5-871b18c445f4
value: HIGH

Trust: 0.2

VULHUB: VHN-185109
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-6984
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6984
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-003037
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19524
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: b318fbd6-4ce3-4a42-89c5-871b18c445f4
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-185109
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6984
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003037
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: b318fbd6-4ce3-4a42-89c5-871b18c445f4 // CNVD: CNVD-2020-19524 // VULHUB: VHN-185109 // VULMON: CVE-2020-6984 // JVNDB: JVNDB-2020-003037 // CNNVD: CNNVD-202003-555 // NVD: CVE-2020-6984

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.9

sources: VULHUB: VHN-185109 // JVNDB: JVNDB-2020-003037 // NVD: CVE-2020-6984

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-555

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-555

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003037

PATCH
title:Top Pageurl:https://ab.rockwellautomation.com/
Trust: 0.8
title:Patch for Multiple Rockwell Automation product encryption problem vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/210941
Trust: 0.6
title:Multiple Rockwell Automation Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111870
Trust: 0.6
title:Threatposturl:https://threatpost.com/critical-bugs-in-rockwell-johnson-controls-ics-gear/153602/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-19524 // 
            
            
            
            VULMON: CVE-2020-6984 // 
            
            
            
            JVNDB: JVNDB-2020-003037 // 
            
            
            
            CNNVD: CNNVD-202003-555

EXTERNAL IDS
db:NVDid:CVE-2020-6984
Trust: 3.4
db:ICS CERTid:ICSA-20-070-06
Trust: 3.2
db:CNNVDid:CNNVD-202003-555
Trust: 0.9
db:CNVDid:CNVD-2020-19524
Trust: 0.8
db:JVNDBid:JVNDB-2020-003037
Trust: 0.8
db:NSFOCUSid:46117
Trust: 0.6
db:IVDid:B318FBD6-4CE3-4A42-89C5-871B18C445F4
Trust: 0.2
db:VULHUBid:VHN-185109
Trust: 0.1
db:VULMONid:CVE-2020-6984
Trust: 0.1
sources:
            
            
            IVD: b318fbd6-4ce3-4a42-89c5-871b18c445f4 // 
            
            
            
            CNVD: CNVD-2020-19524 // 
            
            
            
            VULHUB: VHN-185109 // 
            
            
            
            VULMON: CVE-2020-6984 // 
            
            
            
            JVNDB: JVNDB-2020-003037 // 
            
            
            
            CNNVD: CNNVD-202003-555 // 
            
            
            
            NVD: CVE-2020-6984

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-070-06
Trust: 3.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-6984
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6984
Trust: 0.8
url:http://www.nsfocus.net/vulndb/46117
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/327.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/critical-bugs-in-rockwell-johnson-controls-ics-gear/153602/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-19524 // 
            
            
            
            VULHUB: VHN-185109 // 
            
            
            
            VULMON: CVE-2020-6984 // 
            
            
            
            JVNDB: JVNDB-2020-003037 // 
            
            
            
            CNNVD: CNNVD-202003-555 // 
            
            
            
            NVD: CVE-2020-6984

SOURCES
db:IVDid:b318fbd6-4ce3-4a42-89c5-871b18c445f4
db:CNVDid:CNVD-2020-19524
db:VULHUBid:VHN-185109
db:VULMONid:CVE-2020-6984
db:JVNDBid:JVNDB-2020-003037
db:CNNVDid:CNNVD-202003-555
db:NVDid:CVE-2020-6984

LAST UPDATE DATE
2024-11-23T22:05:45.266000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-19524date:2020-03-26T00:00:00
db:VULHUBid:VHN-185109date:2020-03-20T00:00:00
db:VULMONid:CVE-2020-6984date:2020-03-20T00:00:00
db:JVNDBid:JVNDB-2020-003037date:2020-04-02T00:00:00
db:CNNVDid:CNNVD-202003-555date:2020-03-23T00:00:00
db:NVDid:CVE-2020-6984date:2024-11-21T05:36:26.053

SOURCES RELEASE DATE
db:IVDid:b318fbd6-4ce3-4a42-89c5-871b18c445f4date:2020-03-10T00:00:00
db:CNVDid:CNVD-2020-19524date:2020-03-26T00:00:00
db:VULHUBid:VHN-185109date:2020-03-16T00:00:00
db:VULMONid:CVE-2020-6984date:2020-03-16T00:00:00
db:JVNDBid:JVNDB-2020-003037date:2020-04-02T00:00:00
db:CNNVDid:CNNVD-202003-555date:2020-03-10T00:00:00
db:NVDid:CVE-2020-6984date:2020-03-16T16:15:14.670