CVE-2020-6990

Опубликовано: 16 мар. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.

Ссылки

https://www.us-cert.gov/ics/advisories/icsa-20-070-06
Third Party Advisory
US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-070-06
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:rockwellautomation:micrologix_1400_a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*

Версия до 21.001 (включая)

cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1100:-:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:rockwellautomation:rslogix_500:*:*:*:*:*:*:*:*

Версия до 12.001 (включая)

EPSS

Процентиль: 35%

0.00146

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-321

CWE-798

Связанные уязвимости

GHSA-7m5h-j2pg-2jr2

github

больше 3 лет назад