CVE-2014-0755

Rockwellautomation Rslogix 5000 Desig... - Insufficiently Protected Credentials

Title source: rule

Description

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/102858

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90981

[Various Sources] https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01

[US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/65337

Scores

EPSS 0.0000

EPSS Percentile 0.1%

Classification

CWE

CWE-522 CWE-255

Status draft

Affected Products (4)

rockwellautomation/rslogix_5000_design_and_configuration_software

Timeline

Published Feb 05, 2014

Tracked Since Feb 18, 2026