Skip to main content

Rslogix 5000 Design And Configuration Software CVE-2014-0755

MEDIUM
Insufficiently Protected Credentials (CWE-522)
2014-02-05 ics-cert@hq.dhs.gov
6.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:M/Au:N/C:C/I:C/A:N
Attack Vector
Local
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 05, 2014 - 05:15 cve.org
MEDIUM 6.3

DescriptionCVE.org

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.

AnalysisAI

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive. Rated medium severity (CVSS 6.3). No vendor patch available.

Technical ContextAI

This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors. Affected products include: Rockwellautomation Rslogix 5000 Design And Configuration Software. Version information: through 20.01.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.

Share

CVE-2014-0755 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy