CVE-2014-0755

Rockwell Automation RSLogix 5000 7-20.01 and 21.0 - Unprotected Project File Access

Title source: llm

Description

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.

References (6)

Core 6

Core References

Various Sources

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204

US Government Resource

http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/90981

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/102858

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/65337

Scores

EPSS 0.0000

EPSS Percentile 0.2%

Details

CWE

CWE-255 CWE-522

Status published

Products (8)

Rockwell Automation/RSLogix 5000 software V20.03

Rockwell Automation/RSLogix 5000 software V21.03

Rockwell Automation/RSLogix 5000 software V7 - V20.01

Rockwell Automation/RSLogix 5000 software V7 - V21.0

rockwellautomation/rslogix_5000_design_and_configuration_software 7.0

rockwellautomation/rslogix_5000_design_and_configuration_software 18.0

rockwellautomation/rslogix_5000_design_and_configuration_software 20.01

rockwellautomation/rslogix_5000_design_and_configuration_software 21.0

Published Feb 05, 2014

Tracked Since Feb 18, 2026