CVE-2020-6984
Description
The cryptographic function protecting passwords in Rockwell MicroLogix controllers is discoverable, allowing attackers to access sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The cryptographic function protecting passwords in Rockwell MicroLogix controllers is discoverable, allowing attackers to access sensitive information.
Vulnerability
The cryptographic function used to protect passwords in Rockwell Automation MicroLogix 1400 Controllers (Series B v21.001 and prior, Series A all versions), MicroLogix 1100 Controllers (all versions), and RSLogix 500 Software (v12.001 and prior) is discoverable. This vulnerability is identified as CWE-327 [1].
Exploitation
An attacker can exploit this vulnerability by sending a request from the RSLogix 500 software to a victim's MicroLogix controller. The controller then responds with password values, which can be used for further cryptographic attacks [1].
Impact
Successful exploitation allows an attacker to gain access to sensitive project file information, including passwords. This could lead to unauthorized access to the controller [1].
Mitigation
Not yet disclosed in the available references. Rockwell Automation products are affected by this vulnerability [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Rockwell Automation/MicroLogix 1400 Controllers Series B, MicroLogix 1100 Controller, RSLogix 500 Softwaredescription
- Range: <=v12.001
- Range: all versions
- Range: <=v21.001
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.us-cert.gov/ics/advisories/icsa-20-070-06nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.