fkie_cve-2014-0755
Vulnerability from fkie_nvd
Published
2014-02-05 05:15
Modified
2025-09-19 19:15
Severity ?
Summary
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.
References
ics-cert@hq.dhs.govhttp://osvdb.org/102858
ics-cert@hq.dhs.govhttp://www.securityfocus.com/bid/65337
ics-cert@hq.dhs.govhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90981
ics-cert@hq.dhs.govhttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204
ics-cert@hq.dhs.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01
af854a3a-2127-422b-91ae-364da2661108http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/102858
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/65337
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/90981
Impacted products
Vendor Product Version
rockwellautomation rslogix_5000_design_and_configuration_software 7.0
rockwellautomation rslogix_5000_design_and_configuration_software 18.0
rockwellautomation rslogix_5000_design_and_configuration_software 20.01
rockwellautomation rslogix_5000_design_and_configuration_software 21.0
rockwellautomation logix_5000_controller -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B25AFECC-3BDB-4F8D-AC6E-D3432DE86966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "038A8096-81C1-4C1D-B042-48869FE23285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:20.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB4DEEC1-BDFF-48F6-A4A9-E971106DA8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C298300-3C38-4899-9424-C2CB1C37ABA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:logix_5000_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C588EA2D-A90A-4B68-98F9-9C0072BFA473",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Rockwell Automation RSLogix 5000 7 hasta 20.01 y 21.0, no implementa debidamente la protecci\u00f3n por contrase\u00f1a de archivos .ACD (tambi\u00e9n conocidos como archivos de proyecto), lo cual permite a usuarios locales obtener informaci\u00f3n sensible o modificar datos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-0755",
  "lastModified": "2025-09-19T19:15:35.777",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "userInteractionRequired": false
      },
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-05T05:15:29.930",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://osvdb.org/102858"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securityfocus.com/bid/65337"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/102858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.