CVE-2020-6980

CVE-2020-6980 is a low-severity vulnerability in Rockwellautomation Rslogix 500 with a CVSS 3.x base score of 3.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-312.

Key facts

Description

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.

Frequently asked questions

What is CVE-2020-6980?
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.
How severe is CVE-2020-6980?
CVE-2020-6980 has a CVSS 3.x base score of 3.3, rated low severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
Is CVE-2020-6980 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (33rd percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2020-6980?
CVE-2020-6980 primarily affects Rockwellautomation Rslogix 500. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2020-6980?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2020-6980 published?
CVE-2020-6980 was published on 2020-03-16 and last updated on 2026-06-17.

References

Affected products (4)

More vulnerabilities in Rockwellautomation Rslogix 500

All CVEs affecting Rockwellautomation Rslogix 500 →

Other CWE-312 (Cleartext Storage of Sensitive Information) vulnerabilities

Browse all CWE-312 (Cleartext Storage of Sensitive Information) vulnerabilities →