Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 | Mitigation Vendor Advisory |
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 | Permissions Required |
https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01 | Third Party Advisory US Government Resource |
https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
|
History
04 Apr 2022, 20:56
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01 - Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 - Mitigation, Vendor Advisory | |
References | (CONFIRM) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 - Permissions Required | |
References | (CONFIRM) https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf - Third Party Advisory | |
CPE | cpe:2.3:h:rockwellautomation:micro870:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:micro820:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:saitel_dp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:micom_c264_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:scd2200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.1:*:*:*:*:windows:*:* cpe:2.3:o:xylem:multismart_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:epas_gtw:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:micom_c264:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:easergy_c5:-:*:*:*:*:*:*:* cpe:2.3:a:rockwellautomation:isagraf_free_runtime:*:*:*:*:*:isagraf6_workbench:*:* cpe:2.3:h:schneider-electric:mc-31:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:epas_gtw_firmware:6.4:*:*:*:*:linux:*:* cpe:2.3:o:schneider-electric:saitel_dr_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:easergy_c5_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:epas_gtw_firmware:6.4:*:*:*:*:windows:*:* cpe:2.3:h:schneider-electric:cp-3:-:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:micro820_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:micro810:-:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:micro810_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:pacis_gtw_firmware:5.2:*:*:*:*:windows:*:* cpe:2.3:h:rockwellautomation:micro850:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.3:*:*:*:*:linux:*:* cpe:2.3:h:rockwellautomation:micro830:-:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:micro850_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:pacis_gtw:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:saitel_dp:-:*:*:*:*:*:*:* cpe:2.3:a:rockwellautomation:isagraf_runtime:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:micro830_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:pacis_gtw_firmware:5.1:*:*:*:*:windows:*:* cpe:2.3:o:rockwellautomation:micro870_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:rockwellautomation:aadvance_controller:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.3:*:*:*:*:windows:*:* cpe:2.3:h:schneider-electric:saitel_dr:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 9.8 |
18 Mar 2022, 19:12
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-18 18:15
Updated : 2024-02-04 22:29
NVD link : CVE-2020-25176
Mitre link : CVE-2020-25176
CVE.ORG link : CVE-2020-25176
JSON object : View
Products Affected
schneider-electric
- cp-3
- saitel_dr
- easergy_c5
- easergy_t300_firmware
- mc-31
- scd2200_firmware
- pacis_gtw
- saitel_dp_firmware
- epas_gtw
- micom_c264
- saitel_dr_firmware
- easergy_c5_firmware
- easergy_t300
- micom_c264_firmware
- pacis_gtw_firmware
- saitel_dp
- epas_gtw_firmware
rockwellautomation
- isagraf_runtime
- micro810
- aadvance_controller
- isagraf_free_runtime
- micro810_firmware
- micro870_firmware
- micro830_firmware
- micro820
- micro870
- micro850
- micro830
- micro850_firmware
- micro820_firmware
xylem
- multismart_firmware