Vulnerability Details : CVE-2014-0755
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2014-0755
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-0755
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2014-0755
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0755
-
http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01
Rockwell RSLogix 5000 Password Vulnerability | CISAUS Government Resource
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90981
Rockwell Automation RSLogix 5000 ACD information disclosure CVE-2014-0755 Vulnerability Report
-
http://www.securityfocus.com/bid/65337
Rockwell Automation RSLogix 5000 CVE-2014-0755 Security Bypass Vulnerability
Products affected by CVE-2014-0755
- cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:20.01:*:*:*:*:*:*:*
- cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:21.0:*:*:*:*:*:*:*
- cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:18.0:*:*:*:*:*:*:*
- cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:7.0:*:*:*:*:*:*:*