Vulnerability Details CVE-2020-25182
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.5%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 4.6
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf
Products affected by CVE-2020-25182
-
cpe:2.3:a:rockwellautomation:aadvance_controller:*
-
cpe:2.3:a:rockwellautomation:isagraf_free_runtime:*
-
cpe:2.3:a:rockwellautomation:isagraf_runtime:*
-
cpe:2.3:h:rockwellautomation:micro810:-
-
cpe:2.3:h:rockwellautomation:micro820:-
-
cpe:2.3:h:rockwellautomation:micro830:-
-
cpe:2.3:h:rockwellautomation:micro850:-
-
cpe:2.3:h:rockwellautomation:micro870:-
-
cpe:2.3:h:schneider-electric:cp-3:-
-
cpe:2.3:h:schneider-electric:easergy_c5:-
-
cpe:2.3:h:schneider-electric:easergy_t300:-
-
cpe:2.3:h:schneider-electric:epas_gtw:-
-
cpe:2.3:h:schneider-electric:mc-31:-
-
cpe:2.3:h:schneider-electric:micom_c264:-
-
cpe:2.3:h:schneider-electric:pacis_gtw:-
-
cpe:2.3:h:schneider-electric:saitel_dp:-
-
cpe:2.3:h:schneider-electric:saitel_dr:-
-
cpe:2.3:o:rockwellautomation:micro810_firmware:-
-
cpe:2.3:o:rockwellautomation:micro820_firmware:-
-
cpe:2.3:o:rockwellautomation:micro830_firmware:-
-
cpe:2.3:o:rockwellautomation:micro850_firmware:-
-
cpe:2.3:o:rockwellautomation:micro870_firmware:-
-
cpe:2.3:o:schneider-electric:easergy_c5_firmware:*
-
cpe:2.3:o:schneider-electric:easergy_t300_firmware:-
-
cpe:2.3:o:schneider-electric:easergy_t300_firmware:1.5.2
-
cpe:2.3:o:schneider-electric:easergy_t300_firmware:2.7
-
cpe:2.3:o:schneider-electric:easergy_t300_firmware:2.7.1
-
cpe:2.3:o:schneider-electric:epas_gtw_firmware:6.4
-
cpe:2.3:o:schneider-electric:micom_c264_firmware:*
-
cpe:2.3:o:schneider-electric:pacis_gtw_firmware:5.1
-
cpe:2.3:o:schneider-electric:pacis_gtw_firmware:5.2
-
cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.1
-
cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.3
-
cpe:2.3:o:schneider-electric:saitel_dp_firmware:*
-
cpe:2.3:o:schneider-electric:saitel_dr_firmware:*
-
cpe:2.3:o:schneider-electric:scd2200_firmware:*
-
cpe:2.3:o:xylem:multismart_firmware:*