CVE-2020-6990
Description
A hard-coded cryptographic key in Rockwell RSLogix 500 allows attackers to gain unauthorized access to MicroLogix controllers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The cryptographic key used to protect account passwords is hard-coded within the RSLogix 500 binary file. This affects MicroLogix 1400 Controllers Series B v21.001 and prior, Series A all versions, MicroLogix 1100 Controller all versions, and RSLogix 500 Software v12.001 and prior [1].
Exploitation
An attacker can identify the hard-coded cryptographic keys within the RSLogix 500 software. By using these keys, an attacker can perform further cryptographic attacks to ultimately gain unauthorized access to the controller remotely, without requiring any privileges or user interaction [1].
Impact
Successful exploitation allows an attacker to gain unauthorized access to the controller, potentially accessing sensitive project file information including passwords. This can lead to a compromise of confidentiality, integrity, and availability [1].
Mitigation
Rockwell Automation has not disclosed a fixed version or release date for this vulnerability. No workarounds are currently available in the provided references. The affected products are not listed as being end-of-life or on the CISA KEV catalog [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Rockwell Automation/MicroLogix 1400 Controllers Series B, MicroLogix 1100 Controller, RSLogix 500 Software
- Range: <=12.001
- Range: all versions
- Range: <=21.001
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
[1] www.us-cert.gov/ics/advisories/icsa-20-070-06 (nvd; Third Party Advisory; US Government Resource)
News mentions
No linked articles in our index yet.