Vulnerability Details : CVE-2014-0755
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.
Products affected by CVE-2014-0755
- cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:20.01:*:*:*:*:*:*:*
- cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:21.0:*:*:*:*:*:*:*
- cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:18.0:*:*:*:*:*:*:*
- cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0755
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 24 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0755
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2014-0755
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0755
-
http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01
Rockwell RSLogix 5000 Password Vulnerability | CISAUS Government Resource
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90981
Rockwell Automation RSLogix 5000 ACD information disclosure CVE-2014-0755 Vulnerability Report
-
http://www.securityfocus.com/bid/65337
Rockwell Automation RSLogix 5000 CVE-2014-0755 Security Bypass Vulnerability
Jump to