CVE-2020-6988 - OpenCVE

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Rockwellautomation	Micrologix 1100 Firmware Micrologix 1100 Micrologix 1400 A Firmware Micrologix 1400 B Firmware Micrologix 1400 Rslogix 500

Configuration 1 [-]

AND

OR	cpe:2.3:o:rockwellautomation:micrologix_1400_a_firmware::::::::
	cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware::::::::

cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1100:-:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:rockwellautomation:rslogix_500:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsa-20-070-06	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2020-03-16T15:38:36

Updated: 2020-03-16T15:38:36

Reserved: 2020-01-14T00:00:00

Link: CVE-2020-6988

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-16T16:15:14.767

Modified: 2020-03-20T14:29:14.390

Link: CVE-2020-6988

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior", "vendor": "n/a", "versions": [{"status": "affected", "version": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior"}]}], "descriptions": [{"lang": "en", "value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim\u2019s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-603", "description": "USE OF CLIENT-SIDE AUTHENTICATION CWE-603", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-16T15:38:36", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-6988", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior", "version": {"version_data": [{"version_value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim\u2019s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "USE OF CLIENT-SIDE AUTHENTICATION CWE-603"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-6988", "datePublished": "2020-03-16T15:38:36", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2020-03-16T15:38:36", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400_a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "614FFE85-E795-4590-B83D-87D759BA2AE8", "vulnerable": true}, {"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "344EE9F6-1E89-4BCA-BDED-800F274D7845", "versionEndIncluding": "21.001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "196EA0BE-FDF3-46BE-B3DA-5F49208C5D80", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5252A0C-A923-4BA0-A857-9BF21F8BF79B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA42C7F4-EEC1-44D2-BD46-237969FF6E1A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:rslogix_500:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8A9694E-1C9E-4DF4-B91F-753A5FB4CDD6", "versionEndIncluding": "12.001", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim\u2019s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials."}, {"lang": "es", "value": "Rockwell Automation MicroLogix 1400 Controllers Series B versiones v21.001 y anteriores, Series A, todas las versiones, MicroLogix 1100 Controller, todas las versiones, RSLogix 500 Software versiones v12.001 y anteriores, un atacante no autenticado remoto puede enviar una petici\u00f3n desde el software RSLogix 500 hacia el controlador MicroLogix de la v\u00edctima. El controlador responder\u00e1 al cliente con los valores de contrase\u00f1a usados para autenticar al usuario en el lado del cliente. Este m\u00e9todo de autenticaci\u00f3n puede permitir a un atacante omitir la autenticaci\u00f3n por completo, revelar informaci\u00f3n confidencial o filtrar credenciales."}], "id": "CVE-2020-6988", "lastModified": "2020-03-20T14:29:14.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-16T16:15:14.767", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-603"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}