CVE-2020-6990 : What You Need to Know
Learn about CVE-2020-6990, a vulnerability in Rockwell Automation MicroLogix controllers where a hard-coded cryptographic key in RSLogix software could lead to unauthorized access. Find mitigation steps and prevention measures.
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, have a vulnerability where the cryptographic key protecting the account password is hard coded into the RSLogix 500 binary file. This issue could allow unauthorized access to the controller.
Understanding CVE-2020-6990
This CVE involves a hard-coded cryptographic key in Rockwell Automation MicroLogix controllers and RSLogix software, potentially leading to unauthorized access.
What is CVE-2020-6990?
The vulnerability in CVE-2020-6990 stems from the hard-coded cryptographic key in the RSLogix 500 binary file, which could be exploited by attackers to gain unauthorized access to the controller.
The Impact of CVE-2020-6990
The presence of the hard-coded cryptographic key poses a significant security risk as it could be leveraged by malicious actors to compromise the controller's security and gain unauthorized access.
Technical Details of CVE-2020-6990
This section delves into the technical aspects of the CVE.
Vulnerability Description
The cryptographic key used to protect the account password is hard coded into the RSLogix 500 binary file, potentially enabling attackers to identify and misuse it for unauthorized access.
Affected Systems and Versions
- Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions
- MicroLogix 1100 Controller, all versions
- RSLogix 500 Software v12.001 and prior
Exploitation Mechanism
The vulnerability allows attackers to extract the hard-coded cryptographic key from the RSLogix 500 binary file, which can then be used to launch further cryptographic attacks and gain unauthorized access to the controller.
Mitigation and Prevention
Protecting systems from CVE-2020-6990 requires immediate actions and long-term security practices.
Immediate Steps to Take
- Implement network segmentation to restrict access to vulnerable devices
- Monitor network traffic for any suspicious activity
- Update security configurations to mitigate the risk of unauthorized access
Long-Term Security Practices
- Regularly update firmware and software to patch known vulnerabilities
- Conduct security assessments and penetration testing to identify and address weaknesses
- Educate personnel on cybersecurity best practices to enhance overall security posture
Patching and Updates
- Apply patches and updates provided by Rockwell Automation to remove the hard-coded cryptographic key and enhance system security