Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
References
| Link | Resource |
|---|---|
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 | Mitigation, Vendor Advisory |
| https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 | Permissions Required |
| https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01 | Third Party Advisory, US Government Resource |
| https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf | Third Party Advisory |
History
04 Apr 2022, 20:56
| Type | Values Removed | Values Added |
|---|---|---|
| References | (CONFIRM) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 - Permissions Required | |
| References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01 - Third Party Advisory, US Government Resource | |
| References | (CONFIRM) https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf - Third Party Advisory | |
| References | (CONFIRM) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 - Mitigation, Vendor Advisory | |
| CVSS | v2 : v3 : | v2 : 9.3 v3 : 9.8 |
| CWE | CWE-22 | |
| First Time | Schneider-electric saitel Dp, Rockwellautomation micro810, Schneider-electric easergy T300, Schneider-electric saitel Dp Firmware, Schneider-electric saitel Dr Firmware, Schneider-electric cp-3, Schneider-electric pacis Gtw, Xylem multismart Firmware, Rockwellautomation micro830, Schneider-electric easergy T300 Firmware, Rockwellautomation micro870 Firmware, Schneider-electric easergy C5, Schneider-electric scd2200 Firmware, Rockwellautomation isagraf Runtime, Schneider-electric easergy C5 Firmware, Rockwellautomation, Rockwellautomation micro820 Firmware, Rockwellautomation micro810 Firmware, Xylem, Rockwellautomation aadvance Controller, Rockwellautomation micro870, Schneider-electric micom C264 Firmware, Rockwellautomation micro850, Schneider-electric saitel Dr, Schneider-electric epas Gtw, Schneider-electric epas Gtw Firmware, Schneider-electric pacis Gtw Firmware, Rockwellautomation micro830 Firmware, Rockwellautomation micro850 Firmware, Schneider-electric micom C264, Rockwellautomation isagraf Free Runtime, Schneider-electric mc-31, Schneider-electric, Rockwellautomation micro820 | |
18 Mar 2022, 19:12
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2022-03-18 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2020-25176
Mitre link : CVE-2020-25176
CVE.ORG link : CVE-2020-25176
Products Affected
rockwellautomation
- micro830_firmware
- micro820_firmware
- micro850_firmware
- aadvance_controller
- micro830
- isagraf_runtime
- micro810
- micro820
- micro850
- micro810_firmware
- micro870_firmware
- isagraf_free_runtime
- micro870
schneider-electric
- epas_gtw
- mc-31
- epas_gtw_firmware
- saitel_dr_firmware
- micom_c264_firmware
- pacis_gtw_firmware
- easergy_c5_firmware
- cp-3
- saitel_dr
- scd2200_firmware
- saitel_dp
- easergy_c5
- easergy_t300
- easergy_t300_firmware
- saitel_dp_firmware
- micom_c264
- pacis_gtw
xylem
- multismart_firmware