Products

Solutions

Company

Book A Live Demo

CVE-2020-6980 : What You Need to Know

Learn about CVE-2020-6980 affecting Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, MicroLogix 1100 Controller, RSLogix 500 Software v12.001, allowing local attackers to access SMTP server authentication data.

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior are affected by a vulnerability that allows a local attacker to gather SMTP server authentication data.

Understanding CVE-2020-6980

This CVE involves the cleartext storage of sensitive information in Rockwell Automation products.

What is CVE-2020-6980?

The vulnerability in Rockwell Automation products allows a local attacker to access SMTP server authentication data stored in cleartext.

The Impact of CVE-2020-6980

The vulnerability could lead to unauthorized access to sensitive SMTP server authentication data, compromising email communication security.

Technical Details of CVE-2020-6980

This section provides more technical insights into the vulnerability.

Vulnerability Description

If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.

Affected Systems and Versions

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions

MicroLogix 1100 Controller, all versions

RSLogix 500 Software v12.001 and prior

Exploitation Mechanism

The vulnerability arises due to the cleartext storage of SMTP server authentication data, allowing unauthorized access by a local attacker.

Mitigation and Prevention

Protecting systems from this vulnerability is crucial for maintaining security.

Immediate Steps to Take

Avoid saving sensitive information like SMTP account data in cleartext within RSLogix 500.

Restrict access to projects containing SMTP server authentication data.

Long-Term Security Practices

Implement encryption mechanisms for sensitive data storage.

Regularly monitor and audit access to project files containing sensitive information.

Patching and Updates

Apply patches or updates provided by Rockwell Automation to address this vulnerability and enhance system security.

CVE-2020-6980 : What You Need to Know

Understanding CVE-2020-6980

What is CVE-2020-6980?

The Impact of CVE-2020-6980

Technical Details of CVE-2020-6980

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CVE-2020-6980 : What You Need to Know

.css-lczsrn{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:24px;font-weight:700;margin-top:1rem;font-family:sans-serif;}Understanding CVE-2020-6980

.css-ru2q5j{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:1.2rem;font-weight:700;margin-top:1rem;margin-bottom:0rem;font-family:sans-serif;}What is CVE-2020-6980?

The Impact of CVE-2020-6980

Technical Details of CVE-2020-6980

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities? Find Out Now

Understanding CVE-2020-6980

What is CVE-2020-6980?

Is your System Free of Underlying Vulnerabilities?
Find Out Now