PT-2020-1768 · Rockwell Automation · RSLogix 500 +2

Published: 2020-03-05 · Updated: 2020-03-20 · CVE-2020-6980

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Rockwell Automation MicroLogix 1400 Controllers versions prior to Series B v21.001
Rockwell Automation MicroLogix 1100 Controller all versions
RSLogix 500 Software versions prior to v12.001

Description

The issue is in how the affected software handles Simple Mail Transfer Protocol (SMTP) settings: critical information is stored unencrypted. SMTP server authentication data is written to the project file in cleartext, so an attacker who has access to a victim's project file can read this confidential information.

Recommendations

For Rockwell Automation MicroLogix 1400 Controllers versions prior to Series B v21.001, update to Series B v21.001 or later to resolve the issue.
For Rockwell Automation MicroLogix 1100 Controller all versions, consider restricting access to project files to minimize the risk of exploitation.
For RSLogix 500 Software versions prior to v12.001, avoid saving Simple Mail Transfer Protocol (SMTP) account data in RSLogix 500 until a patch is available.

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

BDU:2020-01009
CVE-2020-6980

Affected Products

MicroLogix 1100 Controller
MicroLogix 1400 Controllers
RSLogix 500