Rockwell Automation RSLogix 5000 <= 21 .ACD File Password Protection Failure

medium Nessus Network Monitor Plugin ID 720213

Synopsis

Rockwell Automation RSLogix 5000 does not properly implement password protection for .ACD files (aka project files).

Description

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

Plugin Details

Severity: Medium

ID: 720213

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 2/4/2014

Vulnerability Publication Date: 2/4/2014

Reference Information

CVE: CVE-2014-0755

BID: 65337

Detections

Analytics