Vulnerability-Lookup

FKIE_CVE-2014-0755

Vulnerability from fkie_nvd - Published: 2014-02-05 05:15 - Updated: 2025-09-19 19:15

Severity ?

Summary

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.

References

URL	Tags
ics-cert@hq.dhs.gov	http://osvdb.org/102858
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/65337
ics-cert@hq.dhs.gov	https://exchange.xforce.ibmcloud.com/vulnerabilities/90981
ics-cert@hq.dhs.gov	https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204
ics-cert@hq.dhs.gov	https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01
af854a3a-2127-422b-91ae-364da2661108	http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/102858
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/65337
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/90981

Impacted products

Vendor	Product	Version
rockwellautomation	rslogix_5000_design_and_configuration_software	7.0
rockwellautomation	rslogix_5000_design_and_configuration_software	18.0
rockwellautomation	rslogix_5000_design_and_configuration_software	20.01
rockwellautomation	rslogix_5000_design_and_configuration_software	21.0
rockwellautomation	logix_5000_controller	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B25AFECC-3BDB-4F8D-AC6E-D3432DE86966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "038A8096-81C1-4C1D-B042-48869FE23285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:20.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB4DEEC1-BDFF-48F6-A4A9-E971106DA8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C298300-3C38-4899-9424-C2CB1C37ABA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:logix_5000_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C588EA2D-A90A-4B68-98F9-9C0072BFA473",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Rockwell Automation RSLogix 5000 7 hasta 20.01 y 21.0, no implementa debidamente la protecci\u00f3n por contrase\u00f1a de archivos .ACD (tambi\u00e9n conocidos como archivos de proyecto), lo cual permite a usuarios locales obtener informaci\u00f3n sensible o modificar datos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-0755",
  "lastModified": "2025-09-19T19:15:35.777",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "userInteractionRequired": false
      },
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-05T05:15:29.930",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://osvdb.org/102858"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securityfocus.com/bid/65337"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/102858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

CVE-2014-0755 (GCVE-0-2014-0755)

Vulnerability from cvelistv5 – Published: 2014-02-05 02:00 – Updated: 2025-09-19 18:46

Title

Rockwell RSLogix 5000 Insufficiently Protected Credentials

Summary

Severity ?

No CVSS data available.

CWE

CWE-522

Assigner

icscert

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://www.cisa.gov/news-events/ics-advisories/i…
	http://osvdb.org/102858	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/65337	vdb-entryx_refsource_BID
	https://rockwellautomation.custhelp.com/app/answe…

Impacted products

	Vendor	Product	Version
	Rockwell Automation	RSLogix 5000 software	Affected: V7 , ≤ V20.01 (custom) Affected: V7 , ≤ V21.0 (custom) Unaffected: V20.03 Unaffected: V21.03

Credits

Stephen Dunlap

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.509Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "rslogix-cve20140755-info-disc(90981)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01"
          },
          {
            "name": "102858",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/102858"
          },
          {
            "name": "65337",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65337"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "RSLogix 5000 software",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "V20.01",
              "status": "affected",
              "version": "V7",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V21.0",
              "status": "affected",
              "version": "V7",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "V20.03"
            },
            {
              "status": "unaffected",
              "version": "V21.03"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Stephen Dunlap"
        }
      ],
      "datePublic": "2014-02-04T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.\u003c/p\u003e"
            }
          ],
          "value": "Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-19T18:46:05.180Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "rslogix-cve20140755-info-disc(90981)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01"
        },
        {
          "name": "102858",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/102858"
        },
        {
          "name": "65337",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65337"
        },
        {
          "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAccording to Rockwell Automation, new RSLogix 5000 versions, V20.03 \nand V21.03, have been released that address this vulnerability. These \nreleases include mitigations that enhance password protection.\u003c/p\u003e\n\u003cp\u003eProject files created in earlier affected RSLogix 5000 versions of \nsoftware must be opened, resaved, and then downloaded to the appropriate\n controller to mitigate the risk associated with this discovered \nvulnerability.\u003c/p\u003e\n\u003cp\u003eIMPORTANT: Files with protected content that have been opened and \nupdate using enhanced software will no longer be compatible with earlier\n versions of RSLogix 5000 software. For example, a V20.01 project file \nwith protected content that has been opened and resaved using V20.03 \nsoftware can only be opened with V20.03 and higher versions of software.\n Also, a V21.00 project file with protected content that has been opened\n and resaved using V21.03 software can only be opened with V21.03 and \nhigher versions of software.\u003c/p\u003e\u003cp\u003eFor the procedure to update project files, please refer to Rockwell Automation Knowledgebase AID:565204 available here:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\n\u003cp\u003eIn addition to using current RSLogix 5000 software, Rockwell \nAutomation also recommends the following actions to all concerned \ncustomers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWhere possible, adopt a practice to track creation and distribution \nof protected ACD files, including duplicates and derivatives that \ncontain protected content in the event that these files may need to be \nfound or potentially disposed of in the future.\u003c/li\u003e\n\u003cli\u003eWhere possible, securely archive protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, store protected ACD files in physical and logical \nlocations where access can be controlled and the files are stored in a \nprotected, potentially encrypted manner.\u003c/li\u003e\n\u003cli\u003eWhere possible, securely transmit protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, email protected ACD files only to known recipients and \nencrypted the files such that only the target recipient can decrypt the \ncontent.\u003c/li\u003e\n\u003cli\u003eWhere possible, restrict physical and network access to controllers \ncontaining protected content only to authorized parties in order to help\n prevent unauthorized uploading of protected material into an ACD file. \nFor some customers, FactoryTalk Security software may be a suitable \noption to assist customers with applying a Role-based Access Control \n(RBAC) solution to their system. FactoryTalk Security was integrated \ninto RSLogix 5000 Version 10.00.\u003c/li\u003e\n\u003cli\u003eWhere possible, use a unique and complex password for each routine \nor Add-On Instruction desirable to protect, so as to reduce the risk \nthat multiple files and protected content could be compromised, should a\n single password become learned.\u003c/li\u003e\n\u003cli\u003eWhere possible, adopt a password management practice to periodically\n change passwords applied to routines and Add-On Instructions to help \nmitigate the risk that a learned password may remain usable for an \nextended period of time or indefinitely.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eRockwell Automation encourages their customers to subscribe to \nRockwell Automation\u2019s Security Advisory Index (AID:54102)Rockwell \nAutomation Knowledgebase AID:54102, \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\u003c/a\u003e, \nWeb site last accessed February 04, 2014. for new and relevant \ninformation relating to this and other security-related matters.\u003c/p\u003e\n\u003cp\u003eFor more information and for assistance with assessing the state of \nsecurity of your existing control system, including improving your \nsystem-level security when using Rockwell Automation and other vendor \ncontrols products, you can visit the Rockwell Automation Security \nSolutions Web site at \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.rockwellautomation.com/solutions/security\"\u003ehttp://www.rockwellautomation.com/solutions/security\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "According to Rockwell Automation, new RSLogix 5000 versions, V20.03 \nand V21.03, have been released that address this vulnerability. These \nreleases include mitigations that enhance password protection.\n\n\nProject files created in earlier affected RSLogix 5000 versions of \nsoftware must be opened, resaved, and then downloaded to the appropriate\n controller to mitigate the risk associated with this discovered \nvulnerability.\n\n\nIMPORTANT: Files with protected content that have been opened and \nupdate using enhanced software will no longer be compatible with earlier\n versions of RSLogix 5000 software. For example, a V20.01 project file \nwith protected content that has been opened and resaved using V20.03 \nsoftware can only be opened with V20.03 and higher versions of software.\n Also, a V21.00 project file with protected content that has been opened\n and resaved using V21.03 software can only be opened with V21.03 and \nhigher versions of software.\n\nFor the procedure to update project files, please refer to Rockwell Automation Knowledgebase AID:565204 available here:\u00a0 https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204 \u00a0.\n\n\nIn addition to using current RSLogix 5000 software, Rockwell \nAutomation also recommends the following actions to all concerned \ncustomers:\n\n\n\n  *  Where possible, adopt a practice to track creation and distribution \nof protected ACD files, including duplicates and derivatives that \ncontain protected content in the event that these files may need to be \nfound or potentially disposed of in the future.\n\n  *  Where possible, securely archive protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, store protected ACD files in physical and logical \nlocations where access can be controlled and the files are stored in a \nprotected, potentially encrypted manner.\n\n  *  Where possible, securely transmit protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, email protected ACD files only to known recipients and \nencrypted the files such that only the target recipient can decrypt the \ncontent.\n\n  *  Where possible, restrict physical and network access to controllers \ncontaining protected content only to authorized parties in order to help\n prevent unauthorized uploading of protected material into an ACD file. \nFor some customers, FactoryTalk Security software may be a suitable \noption to assist customers with applying a Role-based Access Control \n(RBAC) solution to their system. FactoryTalk Security was integrated \ninto RSLogix 5000 Version 10.00.\n\n  *  Where possible, use a unique and complex password for each routine \nor Add-On Instruction desirable to protect, so as to reduce the risk \nthat multiple files and protected content could be compromised, should a\n single password become learned.\n\n  *  Where possible, adopt a password management practice to periodically\n change passwords applied to routines and Add-On Instructions to help \nmitigate the risk that a learned password may remain usable for an \nextended period of time or indefinitely.\n\n\n\n\nRockwell Automation encourages their customers to subscribe to \nRockwell Automation\u2019s Security Advisory Index (AID:54102)Rockwell \nAutomation Knowledgebase AID:54102, \n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 , \nWeb site last accessed February 04, 2014. for new and relevant \ninformation relating to this and other security-related matters.\n\n\nFor more information and for assistance with assessing the state of \nsecurity of your existing control system, including improving your \nsystem-level security when using Rockwell Automation and other vendor \ncontrols products, you can visit the Rockwell Automation Security \nSolutions Web site at \n http://www.rockwellautomation.com/solutions/security ."
        }
      ],
      "source": {
        "advisory": "ICSA-14-021-01",
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell RSLogix 5000 Insufficiently Protected Credentials",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0755",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "rslogix-cve20140755-info-disc(90981)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01"
            },
            {
              "name": "102858",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/102858"
            },
            {
              "name": "65337",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65337"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-0755",
    "datePublished": "2014-02-05T02:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2025-09-19T18:46:05.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2014-0755

CVE-2014-0755 (GCVE-0-2014-0755)

Tags

Sightings

Nomenclature