SB2020031124 - Multiple vulnerabilities in Rockwell Automation MicroLogix Controllers and RSLogix 500 Software
Published: March 11, 2020
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2020-6990)
The vulnerability allows a remote attacker to disclose sensitive information on the target system. The vulnerability exists because the cryptographic key used to help protect the account password is hard-coded into the RSLogix 500 binary file. A remote attacker who can read the binary can identify the cryptographic key, and with it the password the key was meant to protect.
2) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-6984)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information on the system.
The vulnerability exists because the cryptographic function used to protect the password in MicroLogix is discoverable: once the function is known, the protection can be reversed. A remote attacker can gain access to sensitive project file information, including passwords.
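The two weaknesses above (a key that ships inside the program, and a reversible "protection" of the password) share one root cause: the secret needed to undo the transform is available to anyone who has the software. The following is an added, constructed illustration, not the RSLogix 500 or MicroLogix algorithm and not code from Rockwell Automation. The weak scheme uses a repeating XOR with a constant as a stand-in for any reversible transform whose only secret is a constant in the binary; the hardened form stores a salted PBKDF2 verifier so that nothing in the program or in the file lets a reader recover the password. All names and values are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed illustration. This is NOT the RSLogix 500 / MicroLogix scheme;
# it only models the two weaknesses in the bulletin: a key compiled into the
# program (hard-coded key) and a reversible, discoverable transform.

# Stand-in for a cryptographic key compiled into the binary. Anyone who can
# read the executable (strings, a disassembler, a hex editor) can read it too.
HARDCODED_KEY = b"\x5a\x13\xc3\x7e\x91\x08\xaf\x42"


def weak_protect(password: str) -> bytes:
    """'Protect' a password with a fixed key via a reversible transform.
    The output looks scrambled but carries the full password."""
    raw = password.encode("utf-8")
    return bytes(b ^ HARDCODED_KEY[i % len(HARDCODED_KEY)] for i, b in enumerate(raw))


def weak_recover(blob: bytes, key: bytes = HARDCODED_KEY) -> str:
    """Attacker's view: once the key is lifted from the binary, applying the
    same transform again yields the plaintext password."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(blob)).decode("utf-8")


def make_verifier(password: str, iterations: int = 200_000) -> dict:
    """Hardened form: store a salted, slow hash (a verifier), not the password.
    There is no secret in the program, so reading the binary gains nothing,
    and reading the stored record only allows offline guessing at PBKDF2 cost."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def check_password(verifier: dict, candidate: str) -> bool:
    """Check a candidate against the stored verifier with a constant-time compare."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 verifier["salt"], verifier["iterations"])
    return hmac.compare_digest(digest, verifier["digest"])


if __name__ == "__main__":
    pw = "Line4!Pump"                       # constructed sample password
    blob = weak_protect(pw)
    print("stored blob:", blob.hex())
    print("attacker recovers:", weak_recover(blob))
    v = make_verifier(pw)
    print("correct password accepted:", check_password(v, pw))
    print("wrong password rejected:", not check_password(v, "guess"))
```

A verifier only works for secrets the program has to check, such as an account password. Credentials the program must later present to another system (the SMTP account data in item 4 below is one case) cannot be hashed; they need encryption under a key the user supplies or that the operating system's credential store holds, never a key that lives in the binary.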
3) Use of Client-Side Authentication (CVE-ID: CVE-2020-6988)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information on the system.
The vulnerability exists because the client/server product performs authentication in client code rather than in server code. A remote attacker can send a specially crafted request, of the kind the RSLogix 500 software sends, to the victim's MicroLogix controller. The controller then responds with the password values used to authenticate the user, and the comparison is performed on the client side.
Because the server never verifies the credential itself, this method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.
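The exchange described above, as an added example that is not part of the original bulletin and not the actual MicroLogix or RSLogix 500 protocol: both sides of a vulnerable design, in which the server hands out the stored password material and trusts the client to compare it, are shown next to a hardened design, in which the server performs the check and gates privileged operations on a session token it issued. Message frames are modelled as Python dicts; the user name, password and operation names are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets

# Constructed illustration of client-side authentication (CWE-603). Dicts
# stand in for the request/response frames of a client/server protocol.

# Shared "controller" state: one account with a salted PBKDF2 verifier.
_SALT = os.urandom(16)
_USERS = {
    "engineer": {
        "salt": _SALT,
        "digest": hashlib.pbkdf2_hmac("sha256", b"Pl@nt-2020", _SALT, 100_000),
    }
}


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# --- Vulnerable design: server discloses the credential material and leaves
# --- the comparison to the client; privileged operations are not gated.
def vulnerable_server(request: dict) -> dict:
    user = _USERS.get(request.get("user"))
    if request.get("op") == "auth_request" and user:
        # Whoever asks gets the stored values back.
        return {"status": "ok", "salt": user["salt"], "digest": user["digest"]}
    if request.get("op") == "write_program":
        # No server-side check: the client is assumed to have authenticated.
        return {"status": "ok", "written": True}
    return {"status": "error"}


def vulnerable_client_login(username: str, password: str) -> bool:
    resp = vulnerable_server({"op": "auth_request", "user": username})
    if resp["status"] != "ok":
        return False
    # The authentication decision is made here, in client code.
    return hmac.compare_digest(_digest(password, resp["salt"]), resp["digest"])


def attacker_against_vulnerable(username: str) -> dict:
    """Attacker's view: one request leaks the credential material, and a client
    that simply skips the comparison is trusted for privileged operations."""
    leaked = vulnerable_server({"op": "auth_request", "user": username})
    write = vulnerable_server({"op": "write_program"})
    return {"leaked_digest": leaked.get("digest"), "write_accepted": write.get("written", False)}


# --- Hardened design: server verifies, issues a session token, and every
# --- privileged operation must carry a valid token.
_SESSIONS: set = set()


def hardened_server(request: dict) -> dict:
    op = request.get("op")
    if op == "login":
        user = _USERS.get(request.get("user"))
        candidate = request.get("password", "")
        if user and hmac.compare_digest(_digest(candidate, user["salt"]), user["digest"]):
            token = secrets.token_hex(16)
            _SESSIONS.add(token)
            return {"status": "ok", "token": token}
        return {"status": "error"}      # no salt, no digest, no hint
    if op == "write_program":
        if request.get("token") in _SESSIONS:
            return {"status": "ok", "written": True}
        return {"status": "error"}
    return {"status": "error"}           # "auth_request" is not a supported op


def hardened_client_write(username: str, password: str) -> bool:
    login = hardened_server({"op": "login", "user": username, "password": password})
    if login["status"] != "ok":
        return False
    return hardened_server({"op": "write_program", "token": login["token"]}).get("written", False)


def attacker_against_hardened(username: str) -> dict:
    """Same attacker moves against the hardened server: nothing is disclosed
    and the unauthenticated write is refused."""
    leaked = hardened_server({"op": "auth_request", "user": username})
    write = hardened_server({"op": "write_program"})
    return {"leaked_digest": leaked.get("digest"), "write_accepted": write.get("written", False)}
```

The hardened design still sends the password to the controller, so it assumes a confidentiality-protected transport; on a plain industrial protocol a challenge-response scheme is the usual next step. The property that matters for this bulletin is unchanged either way: the stored credential material never leaves the server, and the server, not the client, decides whether the caller is authenticated.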
4) Cleartext storage of sensitive information (CVE-ID: CVE-2020-6980)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists when Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500: the sensitive information is written to the project file in cleartext. A local attacker with access to a victim's project file may be able to gather the SMTP server authentication data.
Remediation
Install the update from the vendor's website.