ICSA-20-070-06
·
Published 2020-03-10
·
View on CISA ICS-CERT ↗
Rockwell Automation MicroLogix Controllers and RSLogix 500 Software
CVSS 9.8
CRITICAL
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to gain access to sensitive project file information including passwords.
Remediations
- For MicroLogix 1400 series B controllers, Rockwell recommends affected users apply FRN 21.002 or later for MicroLogix 1400 Series B devices and use the enhanced password security feature.
- Rockwell Automation reports that there are currently no mitigations for MicroLogix 1400 series A controllers or MicroLogix 1100 controllers.
- For RSLogix 500 software, Rockwell Automation recommends affected users apply v11 or later and use in conjunction with applied FRN 21.001 or later for Micrologix 1400 Series B devices. Other configurations do not have direct mitigations.
Affected Vendors
Rockwell Automation
Affected Products (4)
Rockwell Automation
·
RSLogix 500 Software
<= 12.001
Rockwell Automation
·
Series B
<= 21.001
Rockwell Automation
·
Series A
vers:all/*
Rockwell Automation
·
MicroLogix 1100 Controller
vers:all/*
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more