Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-443
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Modicon X80 BMXNOR0200H RTU versions antérieures à SV1.70 IR22 | ||
| Schneider Electric | N/A | module Definition de IGSS (Interactive Graphical SCADA System) versions antérieures à 15.0.0.21141 | ||
| Schneider Electric | N/A | PowerLogic PM5560 et PM5563 versions antérieures à V2.7.8 | ||
| Schneider Electric | N/A | PowerLogic PM5561 et PM5562 versions antérieures à V2.5.4 | ||
| Schneider Electric | N/A | PowerLogic EGX100 et EGX300 (produits en fin de vie, aucun correctif n'est prévu) | ||
| Schneider Electric | N/A | PowerLogic PM8ECC toutes versions (produit en fin de vie, aucun correctif n'est prévu) | ||
| Schneider Electric | N/A | Enerlin’X Com’X versions antérieures à V6.8.4 | ||
| Schneider Electric | N/A | les produits Schneider Electric utilisant RockWell ISaGRAF (se référer au bulletin de sécurité SEVD-2021-159-04 de l'éditeur, cf. section Documentation) |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon X80 BMXNOR0200H RTU versions ant\u00e9rieures \u00e0 SV1.70 IR22",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "module Definition de IGSS (Interactive Graphical SCADA System) versions ant\u00e9rieures \u00e0 15.0.0.21141",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PowerLogic PM5560 et PM5563 versions ant\u00e9rieures \u00e0 V2.7.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PowerLogic PM5561 et PM5562 versions ant\u00e9rieures \u00e0 V2.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PowerLogic EGX100 et EGX300 (produits en fin de vie, aucun correctif n\u0027est pr\u00e9vu)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PowerLogic PM8ECC toutes versions (produit en fin de vie, aucun correctif n\u0027est pr\u00e9vu)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Enerlin\u2019X Com\u2019X versions ant\u00e9rieures \u00e0 V6.8.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "les produits Schneider Electric utilisant RockWell ISaGRAF (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 SEVD-2021-159-04 de l\u0027\u00e9diteur, cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22753",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22753"
},
{
"name": "CVE-2021-22750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22750"
},
{
"name": "CVE-2021-22763",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22763"
},
{
"name": "CVE-2021-22767",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22767"
},
{
"name": "CVE-2021-22754",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22754"
},
{
"name": "CVE-2021-22756",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22756"
},
{
"name": "CVE-2021-22765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22765"
},
{
"name": "CVE-2021-22755",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22755"
},
{
"name": "CVE-2020-25176",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25176"
},
{
"name": "CVE-2021-22764",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22764"
},
{
"name": "CVE-2020-25178",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25178"
},
{
"name": "CVE-2021-22768",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22768"
},
{
"name": "CVE-2021-22749",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22749"
},
{
"name": "CVE-2021-22752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22752"
},
{
"name": "CVE-2021-22760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22760"
},
{
"name": "CVE-2020-25180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25180"
},
{
"name": "CVE-2021-22766",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22766"
},
{
"name": "CVE-2021-22761",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22761"
},
{
"name": "CVE-2021-22758",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22758"
},
{
"name": "CVE-2021-22769",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22769"
},
{
"name": "CVE-2020-25184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25184"
},
{
"name": "CVE-2021-22759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22759"
},
{
"name": "CVE-2021-22751",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22751"
},
{
"name": "CVE-2021-22757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22757"
},
{
"name": "CVE-2021-22762",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22762"
},
{
"name": "CVE-2020-25182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25182"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-443",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans\u00a0les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-03 du 08 juin 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-04 du 08 juin 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-05 du 08 juin 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-01 du 08 juin 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-02 du 08 juin 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-06 du 08 juin 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-06"
}
]
}
CVE-2020-25176 (GCVE-0-2020-25176)
Vulnerability from cvelistv5 – Published: 2022-03-18 18:00 – Updated: 2025-04-16 17:59
VLAI
EPSS
Title
Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal
Summary
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
Severity
9.1 (Critical)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://rockwellautomation.custhelp.com/app/answe… | x_refsource_CONFIRM |
| https://download.schneider-electric.com/files?p_D… | x_refsource_CONFIRM |
| https://www.xylem.com/siteassets/about-xylem/cybe… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | ISaGRAF Runtime |
Affected:
4.x
Affected: 5.x |
Credits
Kaspersky reported these vulnerabilities to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:10.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-25176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:30:56.007245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:59:33.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ISaGRAF Runtime",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "4.x"
},
{
"status": "affected",
"version": "5.x"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"descriptions": [
{
"lang": "en",
"value": "Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application\u2019s directory, which could lead to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T18:00:31.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25176",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISaGRAF Runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.x"
},
{
"version_affected": "=",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application\u2019s directory, which could lead to remote code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04",
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf",
"refsource": "CONFIRM",
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25176",
"datePublished": "2022-03-18T18:00:31.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:59:33.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25178 (GCVE-0-2020-25178)
Vulnerability from cvelistv5 – Published: 2022-03-18 18:00 – Updated: 2025-04-16 17:59
VLAI
EPSS
Title
Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information
Summary
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
Severity
7.5 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://rockwellautomation.custhelp.com/app/answe… | x_refsource_CONFIRM |
| https://download.schneider-electric.com/files?p_D… | x_refsource_CONFIRM |
| https://www.xylem.com/siteassets/about-xylem/cybe… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | ISaGRAF Runtime |
Affected:
4.x
Affected: 5.x |
Credits
Kaspersky reported these vulnerabilities to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-25178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:31:01.981533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:59:55.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ISaGRAF Runtime",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "4.x"
},
{
"status": "affected",
"version": "5.x"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"descriptions": [
{
"lang": "en",
"value": "ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T18:00:30.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25178",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISaGRAF Runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.x"
},
{
"version_affected": "=",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04",
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf",
"refsource": "CONFIRM",
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25178",
"datePublished": "2022-03-18T18:00:30.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:59:55.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25180 (GCVE-0-2020-25180)
Vulnerability from cvelistv5 – Published: 2022-03-18 18:00 – Updated: 2025-04-16 16:41
VLAI
EPSS
Title
Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key
Summary
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
Severity
5.3 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://rockwellautomation.custhelp.com/app/answe… | x_refsource_CONFIRM |
| https://download.schneider-electric.com/files?p_D… | x_refsource_CONFIRM |
| https://www.xylem.com/siteassets/about-xylem/cybe… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | ISaGRAF Runtime |
Affected:
4.x
Affected: 5.x |
Credits
Kaspersky reported these vulnerabilities to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-25180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:55:32.683113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:41:46.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ISaGRAF Runtime",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "4.x"
},
{
"status": "affected",
"version": "5.x"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"descriptions": [
{
"lang": "en",
"value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T18:00:33.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25180",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISaGRAF Runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.x"
},
{
"version_affected": "=",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321 Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04",
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf",
"refsource": "CONFIRM",
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25180",
"datePublished": "2022-03-18T18:00:33.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:41:46.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25182 (GCVE-0-2020-25182)
Vulnerability from cvelistv5 – Published: 2022-03-18 18:00 – Updated: 2025-04-16 17:59
VLAI
EPSS
Title
Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element
Summary
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
Severity
6.7 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://rockwellautomation.custhelp.com/app/answe… | x_refsource_CONFIRM |
| https://download.schneider-electric.com/files?p_D… | x_refsource_CONFIRM |
| https://www.xylem.com/siteassets/about-xylem/cybe… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | ISaGRAF Runtime |
Affected:
4.x
Affected: 5.x |
Credits
Kaspersky reported these vulnerabilities to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-25182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:30:58.796672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:59:44.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ISaGRAF Runtime",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "4.x"
},
{
"status": "affected",
"version": "5.x"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"descriptions": [
{
"lang": "en",
"value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T18:00:30.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25182",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISaGRAF Runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.x"
},
{
"version_affected": "=",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04",
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf",
"refsource": "CONFIRM",
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25182",
"datePublished": "2022-03-18T18:00:30.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:59:44.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25184 (GCVE-0-2020-25184)
Vulnerability from cvelistv5 – Published: 2022-03-18 18:00 – Updated: 2025-04-16 17:59
VLAI
EPSS
Title
Rockwell Automation ISaGRAF5 Runtime Unprotected Storage of Credentials
Summary
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.
Severity
7.8 (High)
CWE
- CWE-256 - Unprotected Storage of Credentials
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://rockwellautomation.custhelp.com/app/answe… | x_refsource_CONFIRM |
| https://download.schneider-electric.com/files?p_D… | x_refsource_CONFIRM |
| https://www.xylem.com/siteassets/about-xylem/cybe… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | ISaGRAF Runtime |
Affected:
4.x
Affected: 5.x |
Credits
Kaspersky reported these vulnerabilities to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:10.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-25184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:30:53.426611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:59:21.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ISaGRAF Runtime",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "4.x"
},
{
"status": "affected",
"version": "5.x"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"descriptions": [
{
"lang": "en",
"value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Unprotected Storage of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T18:00:32.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ISaGRAF5 Runtime Unprotected Storage of Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25184",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation ISaGRAF5 Runtime Unprotected Storage of Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISaGRAF Runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.x"
},
{
"version_affected": "=",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256 Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04",
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf",
"refsource": "CONFIRM",
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25184",
"datePublished": "2022-03-18T18:00:32.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:59:21.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22749 (GCVE-0-2021-22749)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:40 – Updated: 2024-08-03 18:51
VLAI
EPSS
Summary
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.
Severity
No CVSS data available.
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://download.schneider-electric.com/files?p_Do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior |
Affected:
Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:40:45.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior",
"version": {
"version_data": [
{
"version_value": "Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22749",
"datePublished": "2021-06-11T15:40:45.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22750 (GCVE-0-2021-22750)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:40 – Updated: 2024-08-03 18:51
VLAI
EPSS
Summary
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition.
Severity
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://download.schneider-electric.com/files?p_Do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IGSS Definition (Def.exe) V15.0.0.21041 and prior |
Affected:
IGSS Definition (Def.exe) V15.0.0.21041 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IGSS Definition (Def.exe) V15.0.0.21041 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "IGSS Definition (Def.exe) V15.0.0.21041 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:40:45.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IGSS Definition (Def.exe) V15.0.0.21041 and prior",
"version": {
"version_data": [
{
"version_value": "IGSS Definition (Def.exe) V15.0.0.21041 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22750",
"datePublished": "2021-06-11T15:40:45.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22751 (GCVE-0-2021-22751)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:40 – Updated: 2024-08-03 18:51
VLAI
EPSS
Summary
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition.
Severity
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://download.schneider-electric.com/files?p_Do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IGSS Definition (Def.exe) V15.0.0.21140 and prior |
Affected:
IGSS Definition (Def.exe) V15.0.0.21140 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IGSS Definition (Def.exe) V15.0.0.21140 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "IGSS Definition (Def.exe) V15.0.0.21140 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:40:45.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior",
"version": {
"version_data": [
{
"version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22751",
"datePublished": "2021-06-11T15:40:45.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22752 (GCVE-0-2021-22752)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:40 – Updated: 2024-08-03 18:51
VLAI
EPSS
Summary
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition.
Severity
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://download.schneider-electric.com/files?p_Do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IGSS Definition (Def.exe) V15.0.0.21140 and prior |
Affected:
IGSS Definition (Def.exe) V15.0.0.21140 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IGSS Definition (Def.exe) V15.0.0.21140 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "IGSS Definition (Def.exe) V15.0.0.21140 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:40:46.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior",
"version": {
"version_data": [
{
"version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22752",
"datePublished": "2021-06-11T15:40:46.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22753 (GCVE-0-2021-22753)
Vulnerability from cvelistv5 – Published: 2021-06-11 15:40 – Updated: 2024-08-03 18:51
VLAI
EPSS
Summary
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition.
Severity
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://download.schneider-electric.com/files?p_Do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IGSS Definition (Def.exe) V15.0.0.21140 and prior |
Affected:
IGSS Definition (Def.exe) V15.0.0.21140 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IGSS Definition (Def.exe) V15.0.0.21140 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "IGSS Definition (Def.exe) V15.0.0.21140 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T15:40:46.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior",
"version": {
"version_data": [
{
"version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22753",
"datePublished": "2021-06-11T15:40:46.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…