CVE-2020-6990
9.8 CRITICALRockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versi...
Published: 2020-03-16 · Last updated: 2026-06-03
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-321, CWE-798
Affected products
| Vendor | Product |
|---|---|
| rockwellautomation | micrologix_1100_firmware, micrologix_1400_a_firmware, micrologix_1400_b_firmware |
Description
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-33012 — Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause ... (8.6 HIGH)
- CVE-2021-32926 — When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that incl... (7.5 HIGH)
- CVE-2021-22659 — Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus... (8.6 HIGH)
- CVE-2020-6988 — Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versi... (7.5 HIGH)
- CVE-2020-6984 — Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versi... (7.5 HIGH)
Same CWE
- CVE-2026-47281 — Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network (9.6 CRITICAL)
- CVE-2026-11505 — A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x (5.0 MEDIUM)
- CVE-2026-11414 — A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service
- CVE-2026-46395 — HAX CMS helps manage microsite universe with PHP or NodeJs backends
- CVE-2025-71317 — NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access (9.8 CRITICAL)