CVE-2014-0755

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.

CVSS v2.0 6.3 MEDIUM

6.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:N

Exploitability : 3.4 / Impact : 9.2

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/102858
http://www.securityfocus.com/bid/65337
https://exchange.xforce.ibmcloud.com/vulnerabilities/90981
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204
https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01	US Government Resource
http://osvdb.org/102858
http://www.securityfocus.com/bid/65337
https://exchange.xforce.ibmcloud.com/vulnerabilities/90981

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:7.0:::::::*
	cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:18.0:::::::*
	cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:20.01:::::::*
	cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:21.0:::::::*

cpe:2.3:h:rockwellautomation:logix_5000_controller:-:*:*:*:*:*:*:*

History

19 Sep 2025, 19:15

Type	Values Removed	Values Added
CVSS	v2 : ~~6.9~~ v3 : ~~unknown~~	v2 : 6.3 v3 : unknown
CWE		CWE-522
References		() https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204 - () https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01 -

Information

Published : 2014-02-05 05:15

Updated : 2025-09-19 19:15

NVD link : CVE-2014-0755

Mitre link : CVE-2014-0755

CVE.ORG link : CVE-2014-0755

JSON object : View

Products Affected

rockwellautomation

rslogix_5000_design_and_configuration_software
logix_5000_controller

CWE

CWE-522

Insufficiently Protected Credentials

CWE-255

Credentials Management Errors

{"id": "CVE-2014-0755", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"version": "2.0", "baseScore": 6.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:N", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-05T05:15:29.930", "references": [{"url": "http://osvdb.org/102858", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.securityfocus.com/bid/65337", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/102858", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/65337", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-522"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors."}, {"lang": "es", "value": "Rockwell Automation RSLogix 5000 7 hasta 20.01 y 21.0, no implementa debidamente la protecci\u00f3n por contrase\u00f1a de archivos .ACD (tambi\u00e9n conocidos como archivos de proyecto), lo cual permite a usuarios locales obtener informaci\u00f3n sensible o modificar datos a trav\u00e9s de vectores no especificados."}], "lastModified": "2025-09-19T19:15:35.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B25AFECC-3BDB-4F8D-AC6E-D3432DE86966"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:18.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "038A8096-81C1-4C1D-B042-48869FE23285"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:20.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB4DEEC1-BDFF-48F6-A4A9-E971106DA8F5"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslogix_5000_design_and_configuration_software:21.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C298300-3C38-4899-9424-C2CB1C37ABA5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:logix_5000_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C588EA2D-A90A-4B68-98F9-9C0072BFA473"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}