PT-2020-1766 · Rockwell Automation · RSLogix 500 +2

Published: 2020-03-05 · Updated: 2020-03-20 · CVE-2020-6984

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Rockwell Automation MicroLogix 1400 Controllers Series B versions 21.001 and prior
Rockwell Automation MicroLogix 1400 Controllers Series A all versions
Rockwell Automation MicroLogix 1100 Controller all versions
RSLogix 500 Software versions 12.001 and prior

Description

The issue is related to a cryptographic function used to protect passwords in the affected software. This function has a discoverable weakness, potentially allowing a remote attacker to gain unauthorized access to confidential information, including passwords. The vulnerability is associated with the use of flawed cryptographic algorithms.

Recommendations

For Rockwell Automation MicroLogix 1400 Controllers Series B versions 21.001 and prior, update to a version later than 21.001.
For Rockwell Automation MicroLogix 1400 Controllers Series A all versions, consider disabling password protection until a patch is available.
For Rockwell Automation MicroLogix 1100 Controller all versions, restrict access to the device to minimize the risk of exploitation.
For RSLogix 500 Software versions 12.001 and prior, update to a version later than 12.001.

Fix

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

Related Identifiers

BDU:2020-01007
CVE-2020-6984

Affected Products

MicroLogix 1100 Controller
MicroLogix 1400 Controllers Series A
RSLogix 500