CVE-2020-25176
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rockwell Automation | ISaGRAF Runtime | 4.x | affected |
| Rockwell Automation | ISaGRAF Runtime | 5.x | affected |
Weaknesses
- CWE-23: CWE-23 Relative Path Traversal
ADP Enrichment
CVE Program Container
Additional References
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.