How severe is CVE-2020-6988?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-6988?

This is classified as CWE-603, which is a common weakness in software security.

CVE-2020-6988 - HIGH Severity | CVSS 7.5

Vulnerability Description

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.

Related Vulnerabilities

CVE-2024-28627

HIGH

CVSS:7.5(High)

An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file.

CWE-6032024

CVE-2024-45785

HIGH

CVSS:7.5(High)

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved.

CWE-6032024

CVE-2025-24517

HIGH

CVSS:7.5(High)

Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentic...

CWE-6032025

CVE-2020-27266

MEDIUM

CVSS:6.5(Medium)

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically prox...

CWE-6032020

CVE-2024-52327

MEDIUM

CVSS:6.5(Medium)

The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed.

CWE-6032024

CVE-2020-7591

HIGH

CVSS:8.8(High)

A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (p...

CWE-6032020