CVE-2020-6990

Name of the Vulnerable Software and Affected Versions Rockwell Automation MicroLogix 1400 Controllers Series B versions 21.001 and prior Rockwell Automation MicroLogix 1400 Controllers Series A, all versions MicroLogix 1100 Controller, all versions RSLogix 500 Software versions 12.001 and prior

Description The issue is related to the use of a hard-coded cryptographic key in the RSLogix 500 binary file, which could allow an attacker to identify the key and use it for further cryptographic attacks. This could ultimately lead to a remote attacker gaining unauthorized access to the controller. The vulnerability may allow a remote attacker to elevate their privileges.

Recommendations For Rockwell Automation MicroLogix 1400 Controllers Series B versions 21.001 and prior, consider restricting access to the controller until a patch is available. For Rockwell Automation MicroLogix 1400 Controllers Series A, all versions, and MicroLogix 1100 Controller, all versions, restrict access to the controller to minimize the risk of exploitation. For RSLogix 500 Software versions 12.001 and prior, as a temporary workaround, consider disabling the use of the hard-coded cryptographic key until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.