Vulnerability Details CVE-2020-25178
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 9.3
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf
Products affected by CVE-2020-25178
-
cpe:2.3:a:rockwellautomation:aadvance_controller:*
-
cpe:2.3:a:rockwellautomation:isagraf_free_runtime:*
-
cpe:2.3:a:rockwellautomation:isagraf_runtime:*
-
cpe:2.3:h:rockwellautomation:micro810:-
-
cpe:2.3:h:rockwellautomation:micro820:-
-
cpe:2.3:h:rockwellautomation:micro830:-
-
cpe:2.3:h:rockwellautomation:micro850:-
-
cpe:2.3:h:rockwellautomation:micro870:-
-
cpe:2.3:h:schneider-electric:cp-3:-
-
cpe:2.3:h:schneider-electric:easergy_c5:-
-
cpe:2.3:h:schneider-electric:easergy_t300:-
-
cpe:2.3:h:schneider-electric:epas_gtw:-
-
cpe:2.3:h:schneider-electric:mc-31:-
-
cpe:2.3:h:schneider-electric:micom_c264:-
-
cpe:2.3:h:schneider-electric:pacis_gtw:-
-
cpe:2.3:h:schneider-electric:saitel_dp:-
-
cpe:2.3:h:schneider-electric:saitel_dr:-
-
cpe:2.3:o:rockwellautomation:micro810_firmware:-
-
cpe:2.3:o:rockwellautomation:micro820_firmware:-
-
cpe:2.3:o:rockwellautomation:micro830_firmware:-
-
cpe:2.3:o:rockwellautomation:micro850_firmware:-
-
cpe:2.3:o:rockwellautomation:micro870_firmware:-
-
cpe:2.3:o:schneider-electric:easergy_c5_firmware:*
-
cpe:2.3:o:schneider-electric:easergy_t300_firmware:-
-
cpe:2.3:o:schneider-electric:easergy_t300_firmware:1.5.2
-
cpe:2.3:o:schneider-electric:easergy_t300_firmware:2.7
-
cpe:2.3:o:schneider-electric:easergy_t300_firmware:2.7.1
-
cpe:2.3:o:schneider-electric:epas_gtw_firmware:6.4
-
cpe:2.3:o:schneider-electric:micom_c264_firmware:*
-
cpe:2.3:o:schneider-electric:pacis_gtw_firmware:5.1
-
cpe:2.3:o:schneider-electric:pacis_gtw_firmware:5.2
-
cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.1
-
cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.3
-
cpe:2.3:o:schneider-electric:saitel_dp_firmware:*
-
cpe:2.3:o:schneider-electric:saitel_dr_firmware:*
-
cpe:2.3:o:schneider-electric:scd2200_firmware:*
-
cpe:2.3:o:xylem:multismart_firmware:*