ID

VAR-202003-1613


CVE

CVE-2020-6990


TITLE

Use of hard-coded credentials vulnerability in multiple Rockwell Automation products

Trust: 0.8

sources: JVNDB: JVNDB-2020-003039

DESCRIPTION

In Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A (all versions), MicroLogix 1100 Controller (all versions), and RSLogix 500 Software v12.001 and prior, the cryptographic key used to help protect the account password is hard-coded into the RSLogix 500 binary file. An attacker could identify the cryptographic keys and use them for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. Rockwell Automation MicroLogix 1400 and MicroLogix 1100 controllers and RSLogix 500 software contain a use of hard-coded credentials vulnerability. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state. Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). Rockwell Automation MicroLogix 1400 Controllers Series A is a programmable logic controller. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems. A trust management vulnerability exists in multiple Rockwell Automation products. The vulnerability stems from the RSLogix 500 binary file containing a hard-coded encryption key that is used to protect the account password.

Trust: 2.43

sources: NVD: CVE-2020-6990 // JVNDB: JVNDB-2020-003039 // CNVD: CNVD-2020-19523 // IVD: 7d0fad42-360f-41a5-991b-69082cdd59c7 // VULHUB: VHN-185115

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 7d0fad42-360f-41a5-991b-69082cdd59c7 // CNVD: CNVD-2020-19523

AFFECTED PRODUCTS

vendor: rockwellautomation, model: micrologix 1400 b, scope: lte, version: 21.001

Trust: 1.0

vendor: rockwellautomation, model: micrologix 1400 a, scope: eq, version: *

Trust: 1.0

vendor: rockwellautomation, model: micrologix 1100, scope: eq, version: *

Trust: 1.0

vendor: rockwellautomation, model: rslogix 500, scope: lte, version: 12.001

Trust: 1.0

vendor: rockwell automation, model: micrologix 1100, scope: eq, version: rslogix 5000

Trust: 0.8

vendor: rockwell automation, model: micrologix 1400 a, scope: -, version: -

Trust: 0.8

vendor: rockwell automation, model: micrologix 1400 b, scope: eq, version: 21.001

Trust: 0.8

vendor: rockwell automation, model: rslogix 5000, scope: eq, version: 12.001

Trust: 0.8

vendor: rockwell, model: automation micrologix controllers series a, scope: eq, version: 1400

Trust: 0.6

vendor: rockwell, model: automation micrologix controllers series b, scope: eq, version: 1400<=21.001

Trust: 0.6

vendor: rockwell, model: automation micrologix controllers, scope: eq, version: 1100

Trust: 0.6

vendor: rockwell, model: automation rslogix software, scope: eq, version: 500<=12.001

Trust: 0.6

vendor: micrologix 1400 a, model: -, scope: eq, version: *

Trust: 0.2

vendor: micrologix 1400 b, model: -, scope: eq, version: *

Trust: 0.2

vendor: micrologix 1100, model: -, scope: eq, version: *

Trust: 0.2

vendor: rslogix 500, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 7d0fad42-360f-41a5-991b-69082cdd59c7 // CNVD: CNVD-2020-19523 // JVNDB: JVNDB-2020-003039 // NVD: CVE-2020-6990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6990
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-003039
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-19523
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-558
value: CRITICAL

Trust: 0.6

IVD: 7d0fad42-360f-41a5-991b-69082cdd59c7
value: HIGH

Trust: 0.2

VULHUB: VHN-185115
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-6990
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003039
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19523
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d0fad42-360f-41a5-991b-69082cdd59c7
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-185115
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6990
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003039
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 7d0fad42-360f-41a5-991b-69082cdd59c7 // CNVD: CNVD-2020-19523 // VULHUB: VHN-185115 // JVNDB: JVNDB-2020-003039 // CNNVD: CNNVD-202003-558 // NVD: CVE-2020-6990

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

problemtype:CWE-321

Trust: 1.0

sources: VULHUB: VHN-185115 // JVNDB: JVNDB-2020-003039 // NVD: CVE-2020-6990

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-558

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-558

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003039

PATCH

title: Top Page, url: https://ab.rockwellautomation.com/

Trust: 0.8

title: Patch for Multiple Rockwell Automation product trust management issues, url: https://www.cnvd.org.cn/patchInfo/show/210939

Trust: 0.6

title: Multiple Rockwell Automation Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111504

Trust: 0.6

sources: CNVD: CNVD-2020-19523 // JVNDB: JVNDB-2020-003039 // CNNVD: CNNVD-202003-558

EXTERNAL IDS

db: NVD, id: CVE-2020-6990

Trust: 3.3

db: ICS CERT, id: ICSA-20-070-06

Trust: 3.1

db: CNNVD, id: CNNVD-202003-558

Trust: 0.9

db: CNVD, id: CNVD-2020-19523

Trust: 0.8

db: JVNDB, id: JVNDB-2020-003039

Trust: 0.8

db: NSFOCUS, id: 46115

Trust: 0.6

db: IVD, id: 7D0FAD42-360F-41A5-991B-69082CDD59C7

Trust: 0.2

db: VULHUB, id: VHN-185115

Trust: 0.1

sources: IVD: 7d0fad42-360f-41a5-991b-69082cdd59c7 // CNVD: CNVD-2020-19523 // VULHUB: VHN-185115 // JVNDB: JVNDB-2020-003039 // CNNVD: CNNVD-202003-558 // NVD: CVE-2020-6990

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-070-06

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6990

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6990

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46115

Trust: 0.6

sources: CNVD: CNVD-2020-19523 // VULHUB: VHN-185115 // JVNDB: JVNDB-2020-003039 // CNNVD: CNNVD-202003-558 // NVD: CVE-2020-6990

SOURCES

db: IVD, id: 7d0fad42-360f-41a5-991b-69082cdd59c7
db: CNVD, id: CNVD-2020-19523
db: VULHUB, id: VHN-185115
db: JVNDB, id: JVNDB-2020-003039
db: CNNVD, id: CNNVD-202003-558
db: NVD, id: CVE-2020-6990

LAST UPDATE DATE

2024-11-23T22:05:45.376000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-19523, date: 2020-03-26T00:00:00
db: VULHUB, id: VHN-185115, date: 2020-03-20T00:00:00
db: JVNDB, id: JVNDB-2020-003039, date: 2020-04-02T00:00:00
db: CNNVD, id: CNNVD-202003-558, date: 2020-03-23T00:00:00
db: NVD, id: CVE-2020-6990, date: 2024-11-21T05:36:26.807

SOURCES RELEASE DATE

db: IVD, id: 7d0fad42-360f-41a5-991b-69082cdd59c7, date: 2020-03-10T00:00:00
db: CNVD, id: CNVD-2020-19523, date: 2020-03-26T00:00:00
db: VULHUB, id: VHN-185115, date: 2020-03-16T00:00:00
db: JVNDB, id: JVNDB-2020-003039, date: 2020-04-02T00:00:00
db: CNNVD, id: CNNVD-202003-558, date: 2020-03-10T00:00:00
db: NVD, id: CVE-2020-6990, date: 2020-03-16T16:15:14.843