Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 | Vendor Advisory |
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 | Permissions Required |
https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01 | Third Party Advisory US Government Resource |
https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf | Vendor Advisory |
History
04 Apr 2022, 20:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:schneider-electric:scd2200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:epas_gtw:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:micom_c264_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:pacis_gtw_firmware:5.1:*:*:*:*:windows:*:* cpe:2.3:o:schneider-electric:epas_gtw_firmware:6.4:*:*:*:*:windows:*:* cpe:2.3:o:rockwellautomation:micro830_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:xylem:multismart_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.3:*:*:*:*:linux:*:* cpe:2.3:h:schneider-electric:easergy_c5:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:micro850_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:epas_gtw_firmware:6.4:*:*:*:*:linux:*:* cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.1:*:*:*:*:windows:*:* cpe:2.3:h:schneider-electric:saitel_dp:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:micro820:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:micom_c264:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:micro810:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:saitel_dp_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:micro850:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:micro870:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.3:*:*:*:*:windows:*:* cpe:2.3:a:rockwellautomation:aadvance_controller:*:*:*:*:*:*:*:* cpe:2.3:a:rockwellautomation:isagraf_free_runtime:*:*:*:*:*:isagraf6_workbench:*:* cpe:2.3:h:rockwellautomation:micro830:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:mc-31:-:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:micro870_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:cp-3:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:saitel_dr_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:pacis_gtw:-:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:micro820_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:rockwellautomation:isagraf_runtime:*:*:*:*:*:*:*:* 
cpe:2.3:o:rockwellautomation:micro810_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:pacis_gtw_firmware:5.2:*:*:*:*:windows:*:* cpe:2.3:h:schneider-electric:saitel_dr:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:easergy_c5_firmware:*:*:*:*:*:*:*:* |
First Time | Schneider-electric saitel Dp Rockwellautomation micro810 Schneider-electric easergy T300 Schneider-electric saitel Dp Firmware Schneider-electric saitel Dr Firmware Schneider-electric cp-3 Schneider-electric pacis Gtw Xylem multismart Firmware Rockwellautomation micro830 Schneider-electric easergy T300 Firmware Rockwellautomation micro870 Firmware Schneider-electric easergy C5 Schneider-electric scd2200 Firmware Rockwellautomation isagraf Runtime Schneider-electric easergy C5 Firmware Rockwellautomation Rockwellautomation micro820 Firmware Rockwellautomation micro810 Firmware Xylem Rockwellautomation aadvance Controller Rockwellautomation micro870 Schneider-electric micom C264 Firmware Rockwellautomation micro850 Schneider-electric saitel Dr Schneider-electric epas Gtw Schneider-electric epas Gtw Firmware Schneider-electric pacis Gtw Firmware Rockwellautomation micro830 Firmware Rockwellautomation micro850 Firmware Schneider-electric micom C264 Rockwellautomation isagraf Free Runtime Schneider-electric mc-31 Schneider-electric Rockwellautomation micro820 |
CWE | CWE-522 | |
CVSS | v2 : v3 : | v2 : 2.1 v3 : 5.5 |
References | (CONFIRM) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 - Permissions Required | |
References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01 - Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf - Vendor Advisory | |
References | (CONFIRM) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 - Vendor Advisory |
18 Mar 2022, 19:12
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-18 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2020-25184
Mitre link : CVE-2020-25184
CVE.ORG link : CVE-2020-25184
Products Affected
rockwellautomation
- micro820_firmware
- isagraf_runtime
- micro810
- aadvance_controller
- micro810_firmware
- micro830_firmware
- micro830
- micro850_firmware
- micro870_firmware
- micro850
- micro820
- micro870
- isagraf_free_runtime
schneider-electric
- epas_gtw_firmware
- mc-31
- easergy_c5_firmware
- cp-3
- micom_c264_firmware
- easergy_c5
- pacis_gtw_firmware
- saitel_dp_firmware
- saitel_dp
- saitel_dr_firmware
- pacis_gtw
- scd2200_firmware
- epas_gtw
- easergy_t300
- easergy_t300_firmware
- micom_c264
- saitel_dr
xylem
- multismart_firmware