#VU25992 Cleartext storage of sensitive information in Rockwell Automation products - CVE-2020-6980
Vulnerability identifier: #VU25992
Vulnerability risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-6980
CWE-ID:
CWE-312
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
MicroLogix 1400 Controllers Series A
Client/Desktop applications /
Software for system administration
MicroLogix 1400 Controllers Series B
Client/Desktop applications /
Software for system administration
Allen-Bradley MicroLogix 1100
Hardware solutions /
Office equipment, IP-phones, print servers
RSLogix 500 Software
Client/Desktop applications /
Other client software
Vendor: Rockwell Automation
Description
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists when Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500 due to sensitive information is written to the project file in cleartext. A local attacker with access to a victim’s project may be able to gather SMTP server authentication data.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
MicroLogix 1400 Controllers Series A: All versions
MicroLogix 1400 Controllers Series B: 21.001
Allen-Bradley MicroLogix 1100: All versions
RSLogix 500 Software: before 11.00.00
External links
https://ics-cert.us-cert.gov/advisories/icsa-20-070-06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
