CVE-2020-6988
Description
Rockwell MicroLogix controllers and RSLogix 500 software have vulnerabilities allowing unauthenticated attackers to bypass authentication or disclose sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A (all versions), MicroLogix 1100 Controller (all versions), and RSLogix 500 Software v12.001 and prior are affected by vulnerabilities related to password protection and client-side authentication [1]. The cryptographic function used to protect passwords in the MicroLogix controller is discoverable, and the cryptographic key used to protect account passwords is hard-coded into the RSLogix 500 software [1].
Exploitation
An unauthenticated, remote attacker can send a request from the RSLogix 500 software to a victim's MicroLogix controller. The controller then responds to the client with the password values in use so that the user can be authenticated on the client side, potentially allowing an attacker to bypass authentication [1].
Impact
Successful exploitation may allow an attacker to bypass authentication, disclose sensitive information, or leak credentials. This could lead to unauthorized access to the controller and sensitive project file information, including passwords [1].
Mitigation
Patched versions are not explicitly mentioned in the available references. Users are advised to consult Rockwell Automation for specific mitigation guidance. The affected products are MicroLogix 1400 Controllers Series B v21.001 and prior, Series A (all versions), MicroLogix 1100 Controller (all versions), and RSLogix 500 Software v12.001 and prior [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Rockwell Automation/MicroLogix 1400 Controllers Series B, MicroLogix 1100 Controller, RSLogix 500 Software
- Range: <=12.001
- Range: all versions
- Range: <=21.001
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- [1] www.us-cert.gov/ics/advisories/icsa-20-070-06 (nvd; Third Party Advisory; US Government Resource)