CVE-2014-0755 (GCVE-0-2014-0755)
Vulnerability from cvelistv5
Published: 2014-02-05 02:00
Modified: 2025-09-19 18:46
Summary
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.
Impacted products
Vendor | Product | Version
---|---|---
Rockwell Automation | RSLogix 5000 software | Affected: V7 through V20.01; V7 through V21.0. Unaffected: V20.03, V21.03
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:19.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "rslogix-cve20140755-info-disc(90981)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01" }, { "name": "102858", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102858" }, { "name": "65337", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65337" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "RSLogix 5000 software", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "V20.01", "status": "affected", "version": "V7", "versionType": "custom" }, { "lessThanOrEqual": "V21.0", "status": "affected", "version": "V7", "versionType": "custom" }, { "status": "unaffected", "version": "V20.03" }, { "status": "unaffected", "version": "V21.03" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Stephen Dunlap" } ], "datePublic": "2014-02-04T07:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.\u003c/p\u003e" } ], "value": "Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors." 
} ], "metrics": [ { "cvssV2_0": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:N", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-19T18:46:05.180Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "rslogix-cve20140755-info-disc(90981)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01" }, { "name": "102858", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102858" }, { "name": "65337", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65337" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAccording to Rockwell Automation, new RSLogix 5000 versions, V20.03 \nand V21.03, have been released that address this vulnerability. These \nreleases include mitigations that enhance password protection.\u003c/p\u003e\n\u003cp\u003eProject files created in earlier affected RSLogix 5000 versions of \nsoftware must be opened, resaved, and then downloaded to the appropriate\n controller to mitigate the risk associated with this discovered \nvulnerability.\u003c/p\u003e\n\u003cp\u003eIMPORTANT: Files with protected content that have been opened and \nupdate using enhanced software will no longer be compatible with earlier\n versions of RSLogix 5000 software. 
For example, a V20.01 project file \nwith protected content that has been opened and resaved using V20.03 \nsoftware can only be opened with V20.03 and higher versions of software.\n Also, a V21.00 project file with protected content that has been opened\n and resaved using V21.03 software can only be opened with V21.03 and \nhigher versions of software.\u003c/p\u003e\u003cp\u003eFor the procedure to update project files, please refer to Rockwell Automation Knowledgebase AID:565204 available here:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\n\u003cp\u003eIn addition to using current RSLogix 5000 software, Rockwell \nAutomation also recommends the following actions to all concerned \ncustomers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWhere possible, adopt a practice to track creation and distribution \nof protected ACD files, including duplicates and derivatives that \ncontain protected content in the event that these files may need to be \nfound or potentially disposed of in the future.\u003c/li\u003e\n\u003cli\u003eWhere possible, securely archive protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, store protected ACD files in physical and logical \nlocations where access can be controlled and the files are stored in a \nprotected, potentially encrypted manner.\u003c/li\u003e\n\u003cli\u003eWhere possible, securely transmit protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, email protected ACD files only to known recipients and \nencrypted the files such that only the target recipient can decrypt the \ncontent.\u003c/li\u003e\n\u003cli\u003eWhere possible, restrict physical and network access to controllers 
\ncontaining protected content only to authorized parties in order to help\n prevent unauthorized uploading of protected material into an ACD file. \nFor some customers, FactoryTalk Security software may be a suitable \noption to assist customers with applying a Role-based Access Control \n(RBAC) solution to their system. FactoryTalk Security was integrated \ninto RSLogix 5000 Version 10.00.\u003c/li\u003e\n\u003cli\u003eWhere possible, use a unique and complex password for each routine \nor Add-On Instruction desirable to protect, so as to reduce the risk \nthat multiple files and protected content could be compromised, should a\n single password become learned.\u003c/li\u003e\n\u003cli\u003eWhere possible, adopt a password management practice to periodically\n change passwords applied to routines and Add-On Instructions to help \nmitigate the risk that a learned password may remain usable for an \nextended period of time or indefinitely.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eRockwell Automation encourages their customers to subscribe to \nRockwell Automation\u2019s Security Advisory Index (AID:54102)Rockwell \nAutomation Knowledgebase AID:54102, \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\u003c/a\u003e, \nWeb site last accessed February 04, 2014. 
for new and relevant \ninformation relating to this and other security-related matters.\u003c/p\u003e\n\u003cp\u003eFor more information and for assistance with assessing the state of \nsecurity of your existing control system, including improving your \nsystem-level security when using Rockwell Automation and other vendor \ncontrols products, you can visit the Rockwell Automation Security \nSolutions Web site at \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.rockwellautomation.com/solutions/security\"\u003ehttp://www.rockwellautomation.com/solutions/security\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e" } ], "value": "According to Rockwell Automation, new RSLogix 5000 versions, V20.03 \nand V21.03, have been released that address this vulnerability. These \nreleases include mitigations that enhance password protection.\n\n\nProject files created in earlier affected RSLogix 5000 versions of \nsoftware must be opened, resaved, and then downloaded to the appropriate\n controller to mitigate the risk associated with this discovered \nvulnerability.\n\n\nIMPORTANT: Files with protected content that have been opened and \nupdate using enhanced software will no longer be compatible with earlier\n versions of RSLogix 5000 software. 
For example, a V20.01 project file \nwith protected content that has been opened and resaved using V20.03 \nsoftware can only be opened with V20.03 and higher versions of software.\n Also, a V21.00 project file with protected content that has been opened\n and resaved using V21.03 software can only be opened with V21.03 and \nhigher versions of software.\n\nFor the procedure to update project files, please refer to Rockwell Automation Knowledgebase AID:565204 available here:\u00a0 https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204 \u00a0.\n\n\nIn addition to using current RSLogix 5000 software, Rockwell \nAutomation also recommends the following actions to all concerned \ncustomers:\n\n\n\n * Where possible, adopt a practice to track creation and distribution \nof protected ACD files, including duplicates and derivatives that \ncontain protected content in the event that these files may need to be \nfound or potentially disposed of in the future.\n\n * Where possible, securely archive protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, store protected ACD files in physical and logical \nlocations where access can be controlled and the files are stored in a \nprotected, potentially encrypted manner.\n\n * Where possible, securely transmit protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, email protected ACD files only to known recipients and \nencrypted the files such that only the target recipient can decrypt the \ncontent.\n\n * Where possible, restrict physical and network access to controllers \ncontaining protected content only to authorized parties in order to help\n prevent unauthorized uploading of protected material into an ACD file. 
\nFor some customers, FactoryTalk Security software may be a suitable \noption to assist customers with applying a Role-based Access Control \n(RBAC) solution to their system. FactoryTalk Security was integrated \ninto RSLogix 5000 Version 10.00.\n\n * Where possible, use a unique and complex password for each routine \nor Add-On Instruction desirable to protect, so as to reduce the risk \nthat multiple files and protected content could be compromised, should a\n single password become learned.\n\n * Where possible, adopt a password management practice to periodically\n change passwords applied to routines and Add-On Instructions to help \nmitigate the risk that a learned password may remain usable for an \nextended period of time or indefinitely.\n\n\n\n\nRockwell Automation encourages their customers to subscribe to \nRockwell Automation\u2019s Security Advisory Index (AID:54102)Rockwell \nAutomation Knowledgebase AID:54102, \n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 , \nWeb site last accessed February 04, 2014. for new and relevant \ninformation relating to this and other security-related matters.\n\n\nFor more information and for assistance with assessing the state of \nsecurity of your existing control system, including improving your \nsystem-level security when using Rockwell Automation and other vendor \ncontrols products, you can visit the Rockwell Automation Security \nSolutions Web site at \n http://www.rockwellautomation.com/solutions/security ." 
} ], "source": { "advisory": "ICSA-14-021-01", "discovery": "EXTERNAL" }, "title": "Rockwell RSLogix 5000 Insufficiently Protected Credentials", "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-0755", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "rslogix-cve20140755-info-disc(90981)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981" }, { "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01" }, { "name": "102858", "refsource": "OSVDB", "url": "http://osvdb.org/102858" }, { "name": "65337", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65337" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-0755", "datePublished": "2014-02-05T02:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2025-09-19T18:46:05.180Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": 
"{\"cve\":{\"id\":\"CVE-2014-0755\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2014-02-05T05:15:29.930\",\"lastModified\":\"2025-09-19T19:15:35.777\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Rockwell Automation RSLogix 5000 7 hasta 20.01 y 21.0, no implementa debidamente la protecci\u00f3n por contrase\u00f1a de archivos .ACD (tambi\u00e9n conocidos como archivos de proyecto), lo cual permite a usuarios locales obtener informaci\u00f3n sensible o modificar datos a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:N\",\"baseScore\":6.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"use
rInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B25AFECC-3BDB-4F8D-AC6E-D3432DE86966\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"038A8096-81C1-4C1D-B042-48869FE23285\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:20.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB4DEEC1-BDFF-48F6-A4A9-E971106DA8F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:21.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C298300-3C38-4899-9424-C2CB1C37ABA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:logix_5000_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C588EA2D-A90A-4B68-98F9-9C0072BFA473\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/102858\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"http://www.securityfocus.com/bid/65337\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90981\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01\",\"source\":\"af854a3a-2127-4
22b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://osvdb.org/102858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/65337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }